charlesarthur + surveillance   86

Cute videos, but little evidence: police say Amazon Ring isn't much of a crime fighter • NBC News
Cyrus Farivar:
<p>Ring promises to “make neighbourhoods safer” by deterring and helping to solve crimes, citing its own research that says an installation of its doorbell cameras reduces burglaries by more than 50 percent. But an NBC News Investigation has found — after interviews with 40 law enforcement agencies in eight states that have partnered with Ring for at least three months — that there is little concrete evidence to support the claim.

Three agencies said the ease with which the public can share Ring videos means officers spend time reviewing clips of non-criminal issues such as racoons and petty disagreements between neighbors. Others noted that the flood of footage generated by Ring cameras rarely led to positive identifications of suspects, let alone arrests.

Thirteen of the 40 jurisdictions reached, including Winter Park, said they had made zero arrests as a result of Ring footage. Thirteen were able to confirm arrests made after reviewing Ring footage, while two offered estimates. The rest, including large cities like Phoenix, Miami, and Kansas City, Missouri, said that they don’t know how many arrests had been made as a result of their relationship with Ring — and therefore could not evaluate its effectiveness — even though they had been working with the company for well over a year.

Ring’s rise also comes at a time when reports of property crimes, including package theft and burglaries, are already in steep decline across the United States.</p>


A year feels like too short a time to be certain, but you'd hope they'd have an inkling by now.
ring  amazon  surveillance 
4 days ago by charlesarthur
Ring doorbell app packed with third-party trackers • Electronic Frontier Foundation
Bill Budington:
<p>An investigation by EFF of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII). Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.

The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device…

…Ring has exhibited a pattern of behavior that attempts to mitigate exposure to criticism and scrutiny while benefiting from the wide array of customer data available to them…

…Our testing, using Ring for Android version 3.21.1, revealed PII delivery to branch.io, mixpanel.com, appsflyer.com and facebook.com. Facebook, via its Graph API, is alerted when the app is opened and upon device actions such as app deactivation after screen lock due to inactivity. Information delivered to Facebook (even if you don’t have a Facebook account) includes time zone, device model, language preferences, screen resolution, and a unique identifier (anon_id), which persists even when you reset the OS-level advertiser ID.

Branch, which describes itself as a “deep linking” platform, receives a number of unique identifiers (device_fingerprint_id, hardware_id, identity_id) as well as your device’s local IP address, model, screen resolution, and DPI…

…Ring gives MixPanel the most information by far. Users’ full names, email addresses, device information such as OS version and model, whether bluetooth is enabled, and app settings such as the number of locations a user has Ring devices installed in, are all collected and reported to MixPanel. </p>
ring  amazon  privacy  surveillance 
23 days ago by charlesarthur
DNA collection at the border threatens the privacy of all Americans • The New York Times
Daniel I. Morales, Natalie Ram and Jessica L. Roberts:
<p>How we treat the people that cross our borders speaks to our identity as a nation. Immigrants are Americans of the future and the criteria we use to select or bar immigrants reflect our aspirations for the society we wish to become. The new DNA collection program may yet revive darker, eugenic impulses in immigration history. Modern, quota-based immigration law was born of a desire to improve the “quality” of America’s racial stock by drastically limiting immigration from peoples “scientifically” believed to be less intelligent than other groups. Italians and other southern European immigrants, for example, were granted fewer visas based on this false science.

It is a small leap from requiring immigrants to submit their DNA to verify familial relationships, or to mitigate future criminal risk (the pretexts the government has cited to justify its recent policy change) to requiring DNA screening of immigrants for health, disability, intelligence or disease. These screens for “fitness”— likely based on questionable science — could ultimately be used to deny entry into the United States or, if discovered later, as a basis for expulsion. Regardless of reliability we would not support genetic screening for fitness. Courts have usually failed to protect immigrants from such impulses, so it is up to citizens to learn from this history and decide that building a society this way is unacceptable.</p>


The point that DNA could be used to deny entry, and then might be expanded to the general population, is a good one. If you think that it couldn't possibly happen, look at the utter inability of the American system to rein in Trump (or his mini-me, Stephen Miller), and cast that forward a few years.
privacy  surveillance  dna 
25 days ago by charlesarthur
Special sunglasses, license-plate dresses, Juggalo face paint: how to be anonymous in the age of surveillance • The Seattle Times
Melissa Hellmann:
<p>Daniel Castro, the vice president of nonprofit think tank Information Technology and Innovation Foundation, believes the error rates could be reduced by comparing images to a wider range of databases that are more diverse.

Facial recognition systems have proved effective in pursuing criminal investigation leads, he said, and are more accurate than humans at verifying people’s identities at border crossings. The development of policies and practices around the retention and usage of data could avoid government misuse, he said.

“The general use of this technology in the United States is very reasonable,” said Castro. “They’re being undertaken by police agencies that are trying to balance communities’ public safety interests with individual privacy.”

Still, in Doctorow’s eyes, the glasses serve as a conversation starter about the perils of granting governments and companies unbridled access to our personal data.

The motivation to seek out antidotes to an over-powerful force has political and symbolic significance for Doctorow, an L.A.-based science-fiction author and privacy advocate. His father’s family fled the Soviet Union, which used surveillance to control the masses.

“We are entirely too sanguine about the idea that surveillance technologies will be built by people we agree with for goals we are happy to support,” he said. “For this technology to be developed and for there to be no countermeasures is a road map to tyranny.”</p>
privacy  surveillance  technology  anonymity 
5 weeks ago by charlesarthur
It seemed like a popular chat app. It’s secretly a spy tool • The New York Times
Mark Mazzetti, Nicole Perlroth and Ronen Bergman:
<p>It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.

But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the United States last week, according to app rankings and App Annie, a research firm.

ToTok amounts to the latest escalation in a digital arms race among wealthy authoritarian governments, interviews with current and former American foreign officials and a forensic investigation showed. The governments are pursuing more effective and convenient methods to spy on foreign adversaries, criminal and terrorist networks, journalists and critics — efforts that have ensnared people all over the world in their surveillance nets.</p>


Apple and Google both banned ToTok from their app stores - and then Google <a href="https://www.theverge.com/platform/amp/2020/1/6/21051977/to-tok-app-google-play-store-uae-spying-privacy">reinstated it on Monday</a>. ToTok meanwhile has been <a href="https://twitter.com/KimZetter/status/1213591797663879168">trying to encourage "influencers"</a> to say nice things about it.
privacy  surveillance  adtech  emirates 
6 weeks ago by charlesarthur
Twelve million phones, one dataset, zero privacy • The New York Times
Stuart Thompson and Charlie Warzel:
<p>Every minute of every day, everywhere on the planet, dozens of companies — largely unregulated, little scrutinized — are logging the movements of tens of millions of people with mobile phones and storing the information in gigantic data files. The Times Privacy Project obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.

Each piece of information in this file represents the precise location of a single smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.

After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.

…or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps. You’ve probably never heard of most of the companies — and yet to anyone who has access to this data, your life is an open book.

… Our privacy is only as secure as the least secure app on our device.</p>


Which isn't very. Is America ever going to discover privacy?
privacy  surveillance  location  america 
9 weeks ago by charlesarthur
Scoop: China tried to get World Bank to fund surveillance in Xinjiang - Axios
Bethany Allen-Ebrahimian:
<p>Chinese recipients of World Bank loans tried to secure funding for the purchase of facial recognition technology for use in China’s northwest region of Xinjiang, according to documents obtained by Axios.

The World Bank's loan program in Xinjiang demonstrates the extreme moral hazard that is now facing any organization with operations in the region, where China has constructed a surveillance state and detained more than a million ethnic minorities.

In more than 8,000 pages of official World Bank Chinese-language procurement documents dated June 2017 and reviewed by Axios, Chinese recipients of the loan program requested tens of thousands of dollars for the purchase of facial recognition cameras and software, night-vision cameras, and other surveillance technology for use in Xinjiang schools.

The World Bank told Axios those funds were not disbursed. A World Bank spokesperson said, “As an institution focused on ending poverty, the World Bank knows that inclusive societies are key to sustainable development, and we take a strong line against discrimination of any kind. We promote equal access to opportunities, including education and training, so that everyone can seek to realize his or her full potential. We are fully committed to the integrity of our projects. We respond immediately when issues are raised, and we act based on facts.”</p>


Well done, World Bank.
facialrecognition  surveillance  china 
10 weeks ago by charlesarthur
Thieves of experience: On the rise of surveillance capitalism • ROUGH TYPE
Nick Carr, reviewing Shoshana Zuboff's book "The Age of Surveillance Capitalism":
<p>Zuboff opens her book with a look back at a prescient project from the year 2000 on the future of home automation by a group of Georgia Tech computer scientists. Anticipating the arrival of “smart homes,” the scholars described how a mesh of environmental and wearable sensors, linked wirelessly to computers, would allow all sorts of domestic routines, from the dimming of bedroom lights to the dispensing of medications to the entertaining of children, to be programmed to suit a house’s occupants.

Essential to the effort would be the processing of intimate data on people’s habits, predilections, and health. Taking it for granted that such information should remain private, the researchers envisaged a leak-proof “closed loop” system that would keep the data within the home, under the purview and control of the homeowner. The project, Zuboff explains, reveals the assumptions about “datafication” that prevailed at the time: “(1) that it must be the individual alone who decides what experience is rendered as data, (2) that the purpose of the data is to enrich the individual’s life, and (3) that the individual is the sole arbiter of how the data are put to use.”

What’s most remarkable about the birth of surveillance capitalism is the speed and audacity with which Google overturned social conventions and norms about data and privacy. Without permission, without compensation, and with little in the way of resistance, the company seized and declared ownership over everyone’s information. It turned the details of the lives of millions and then billions of people into its own property. The companies that followed Google presumed that they too had an unfettered right to collect, parse, and sell personal data in pretty much any way they pleased. In the smart homes being built today, it’s understood that any and all data will be beamed up to corporate clouds.</p>


As pointed out, it's a neat three-card monte where you don't even realise it's happening.
internet  surveillance  capitalism 
10 weeks ago by charlesarthur
Apple’s ad-targeting crackdown shakes up ad market • The Information
Tom Dotan:
<p>Since Apple introduced what it calls its Intelligent Tracking Prevention feature in September 2017, and with subsequent updates last year, advertisers have largely lost the ability to target people on Safari based on their browsing habits with cookies, the most commonly used technology for tracking. One result: The cost of reaching Safari users has fallen over 60% in the past two years, according to data from ad tech firm Rubicon Project. Meanwhile ad prices on Google’s Chrome browser have risen slightly. 

That reflects the fact that advertisers pay more money for ads that can be targeted at people with specific demographics and interests. “The allure of a Safari user in an auction has plummeted,” said Rubicon Project CEO Michael Barrett. “There’s no easy ability to ID a user.”

This shift is significant because iPhone owners tend to be more affluent and therefore more attractive to advertisers. Moreover, Safari makes up 53% of the mobile browser market in the U.S., according to web analytics service Statscounter. Only about 9% of Safari users on an iPhone allow outside companies to track where they go on the web, according to Nativo, which sells software for online ad selling. It’s a similar story on desktop, although Safari has only about 13% of the desktop browser market. In comparison, 79% of people who use Google’s Chrome browser allow advertisers to track their browsing habits on mobile devices through cookies.

…ad tech firms that specialize in targeted ad sales, have been affected. Criteo, a publicly traded ad tech company, said Apple’s introduction of ITP cost it $25m in revenue in the fourth quarter of 2017, or 9% of the total, excluding the cost of acquiring traffic. A Criteo spokeswoman said that by making the ad-blocking feature automatic in Safari, Apple “does not truly promote choice for the users of its browser.”

The spokeswoman said ITP had continued to affect Criteo’s business since 2017, which she said was the case with the rest of the ad industry.</p>


Hilarious quote from Criteo. Of <em>course</em> everyone wants to make more money for Criteo. How dare they not?
apple  tracking  advertising  surveillance 
10 weeks ago by charlesarthur
Ring let police view map of video doorbell installations for over a year • CNet
Alfred Ng:
<p>For more than a year, police departments partnered with Amazon's Ring unit had access to a map showing where its video doorbells were installed, down to the street, public documents revealed. So while Ring said it didn't provide police with addresses for the devices, a feature in the map tool let them get extremely close. The feature was removed in July.

Public documents from the Rolling Meadows Police Department in Illinois, obtained by privacy researcher Shreyas Gandlur and reviewed by CNET, revealed that police had access to a heat map that showed the concentration of Ring cameras in a neighborhood.

In its default state, the heat map showed police where Ring cameras are concentrated: the darker the shade, the more the cameras. But when zoomed in, it would show light circles around individual locations, essentially outing Ring owners to police. Police could also type in specific addresses to see the cameras in the surrounding area.

In a statement, Ring denied that its heat map tool gave exact locations of its users.

"As previously stated, our video request feature does not give police access to the locations of devices. Ring is constantly working to improve our products and services and, earlier this year, we updated the video request process to no longer include any device density information," the company said.</p>


As heat maps go, it gave you a pretty good idea where the devices were.
amazon  ring  police  surveillance 
11 weeks ago by charlesarthur
Most Americans think they’re being constantly tracked—and that there’s nothing they can do • MIT Technology Review
Angela Chen:
<p>More than 60% of Americans think it’s impossible to go through daily life without being tracked by companies or the government, according to a new Pew Research study. The results provide important context on the long-running question of how much Americans really care about privacy. 

It’s not just that Americans (correctly) think companies are collecting their data. They don’t like it. About 69% of Americans are skeptical that companies will use their private information in a way they’re comfortable with, while 79% don’t believe that companies will come clean if they misuse the information. 

When it comes to who they trust, there are differences by race. About 73% of black Americans, for instance, are at least a little worried about what law enforcement knows about them, compared with 56% of white Americans. But among all respondents, more than 80% were concerned about what social-media sites and advertisers might know. 

Despite these concerns, more than 80% of Americans feel they have no control over how their information is collected. 

Very few people read privacy policies, the survey shows. That’s understandable. A review of 150 policies from major websites found that the average one takes about 18 minutes to read and requires at least a college-level reading ability. Few people have time for that—and even if they did, most people are forced to agree anyway if they really need the service.</p>
surveillance  privacy 
november 2019 by charlesarthur
Chinese propaganda app doubles as new spying tool for authorities, report says • The Washington Post
Anna Fifield:
<p>The Chinese Communist Party appears to have “superuser” access to the entire data on more than 100 million Android-based cellphones through a back door in a propaganda app that the government has been promoting aggressively this year.

 An examination of the coding of the app used by phones running the Android operating system shows it enables authorities to retrieve messages and photos from users’ phones, browse their contacts and Internet history, and activate an audio recorder inside the devices.

“The [Chinese Communist Party] essentially has access to over 100 million users’ data,” said Sarah Aoun, director of technology at the Open Technology Fund, an initiative funded by the U.S. government under Radio Free Asia. “That’s coming from the top of a government that is expanding its surveillance into citizens’ day-to-day lives.”…

…The Open Technology Fund contracted Cure53, a German cybersecurity firm, to break apart the app and determine its exact capabilities.

The Cure53 researchers investigated the Android version of the app, which is used in smartphones made by Chinese manufacturers such as Huawei, Oppo and Vivo, but did not look into the version available on Apple’s iOS. Android-based phones account for the vast majority of smartphones in China, with Apple making up only 6% of the market as of June, according to Counterpoint, a research consulting firm based in Hong Kong.

Apple said that, while the app could be downloaded on its devices, this type of “superuser” surveillance could not be conducted on Apple’s operating system.</p>
china  surveillance  android 
october 2019 by charlesarthur
Dealing with China isn’t worth the moral cost • The New York Times
Farhad Manjoo:
<p>There is <a href="https://www.washingtonpost.com/opinions/making-china-a-us-enemy-is-counterproductive/2019/07/02/647d49d0-9bfa-11e9-b27f-ed2942f73d70_story.html">a school of thought that says America should not think of China as an enemy</a>. With its far larger population, China’s economy will inevitably come to eclipse ours, but that is hardly a mortal threat. In climate change, the world faces a huge collective-action problem that will require global cooperation. According to this view, treating China like an adversary will only frustrate our own long-term goals.

But this perspective leaves out the threat that greater economic and technological integration with China poses to everyone outside of China. It ignores the ever-steeper capitulation that China requires of its partners. And it overlooks the most important new factor in the Chinese regime’s longevity: the seductive efficiency that technology offers to effect a breathtaking new level of control over its population.

There was a time when Westerners believed that the internet would be the Communist regime’s ruin. In a speech in 2000 urging Congress to normalize trade relations with China, President Bill Clinton famously quipped: “There’s no question China has been trying to crack down on the internet. Good luck! That’s sort of like trying to nail Jell-O to the wall.” The crowd of foreign policy experts erupted in knowing laughter.

China proved them wrong. It didn’t just find a way to nail Jell-O; it became a Jell-O master carpenter. Through online surveillance, facial recognition, artificial intelligence and the propagandistic gold mine of social media, China has mobilized a set of tools that allow it to invisibly, routinely repress its citizens and shape political opinion by manipulating their feelings and grievances on just about any controversy.</p>


We were so busy preventing the surveillance of '1984' happening in the west that we didn't think it would happen in the east. Blistering piece from Manjoo. (Thanks John Naughton for the link.)
china  technology  surveillance  control  chinafight 
october 2019 by charlesarthur
ImageNet Roulette
:
<p>ImageNet Roulette is a provocation designed to help us see into the ways that humans are classified in machine learning systems. It uses a neural network trained on the “Person” categories from the ImageNet dataset which has over 2,500 labels used to classify images of people.

<strong>Warning: ImageNet Roulette regularly returns racist, misogynistic and cruel results.</strong> That is because of the underlying data set it is drawing on, which is ImageNet's 'Person' categories. ImageNet is one of the most influential training sets in AI. This is a tool designed to show some of the underlying problems with how AI is classifying people.

UPDATE: IMAGENET ROULETTE HAS ACHIEVED ITS GOALS.

Starting Friday, September 27th this application will no longer be available online.</p>
ai  machinelearning  surveillance 
september 2019 by charlesarthur
Revealed: Microsoft contractors are listening to some Skype calls • VICE
Joseph Cox:
<p>Contractors working for Microsoft are listening to personal conversations of Skype users conducted through the app's translation service, according to a cache of internal documents, screenshots, and audio recordings obtained by Motherboard. Although Skype's website says that the company may analyze audio of phone calls that a user wants to translate in order to improve the chat platform's services, it does not say some of this analysis will be done by humans.

The Skype audio obtained by Motherboard includes conversations from people talking intimately to loved ones, some chatting about personal issues such as their weight loss, and others seemingly discussing relationship problems. Other files obtained by Motherboard show that Microsoft contractors are also listening to voice commands that users speak to Cortana, the company's voice assistant…

…"The fact that I can even share some of this with you shows how lax things are in terms of protecting user data," a Microsoft contractor who provided the cache of files to Motherboard said. Motherboard granted the source anonymity to speak more candidly about internal Microsoft practices, and because the person is under a non-disclosure agreement with the company.</p>


At this rate we're going to find out that <em>everything</em> involving voice has a chance of being listened to by a human at some point. And Microsoft will get whacked by the European data protection agencies for such slack practices.
microsoft  skype  translation  voice  dataprotection  surveillance 
august 2019 by charlesarthur
How US tech giants are helping to build China’s surveillance state • The Intercept
Ryan Gallagher:
<p>The OpenPower Foundation — a nonprofit led by Google and IBM executives with the aim of trying to “drive innovation” — has set up a collaboration between IBM, Chinese company Semptian, and US chip manufacturer Xilinx. Together, they have worked to advance a breed of microprocessors that enable computers to analyze vast amounts of data more efficiently.

Shenzhen-based Semptian is using the devices to enhance the capabilities of internet surveillance and censorship technology it provides to human rights-abusing security agencies in China, according to sources and documents. A company employee said that its technology is being used to covertly monitor the internet activity of 200 million people…

…Anna Bacciarelli, a researcher at Amnesty International, said that the OpenPower Foundation’s decision to work with Semptian raises questions about its adherence to international human rights standards. “All companies have a responsibility to conduct human rights due diligence throughout their operations and supply chains,” Bacciarelli said, “including through partnerships and collaborations.”

Semptian presents itself publicly as a “big data” analysis company that works with internet providers and educational institutes. However, a substantial portion of the Chinese firm’s business is in fact generated through a front company named iNext, which sells the internet surveillance and censorship tools to governments.</p>
ibm  google  china  surveillance 
july 2019 by charlesarthur
Teen hate crime: Swatiskas, racist graffiti divide a Maryland high school • Washington Post
Jessica Contrera on a night that got boozily out of hand for some American kids:
<p>It took only one question: “What happened?”

“Things got out of hand,” Seth recalls telling him. “I was under the impression we were going to do a prank, and it got bad.”

He started to cry. He would be the only one who immediately admitted what they did. The others, court records show, would deny it. Tyler wished Willingham good luck in finding out who did it.

Eventually they were told: The school’s WiFi system requires students to use individual IDs to get online. After they log in once, their phones automatically connect whenever they are on campus.

At 11:35 p.m. on May 23, the students’ IDs began auto-connecting to the Wi-Fi. It took only a few clicks to find out exactly who was beneath those T-shirt masks.

“You have the right to remain silent,” an officer said to Seth before long. “Anything you say or do . . . ”

They told him to remove his graduation cap and gown. They cuffed his arms behind his back.

Seth realized they were about to march him outside, past the windows of the cafeteria. By now it would be filled with students eating lunch.

“Can you cover my face so that the kids don’t videotape me?” he asked.

“No,” an officer replied. “You deserve this.”</p>


The passive surveillance society; sometimes a benefit.
surveillance  wifi  crime 
july 2019 by charlesarthur
Google still keeps a list of everything you ever bought using Gmail, even if you delete all your emails • CNBC
Todd Haselton:
<p>In May, I wrote up something weird I spotted on Google’s account management page. I noticed that Google uses Gmail to store a list of everything you’ve purchased, if you used Gmail or your Gmail address in any part of the transaction.

If you have a confirmation for a prescription you picked up at a pharmacy that went into your Gmail account, Google logs it. If you have a receipt from Macy’s, Google keeps it. If you bought food for delivery and the receipt went to your Gmail, Google stores that, too.

You get the idea, and you can see your own purchase history by going to Google’s Purchases page.

Google says it does this so you can use Google Assistant to track packages or reorder things, even if that’s not an option for some purchases that aren’t mailed or wouldn’t be reordered, like something you bought a store.

At the time of my original story, Google said users can delete everything by tapping into a purchase and removing the Gmail. It seemed to work if you did this for each purchase, one by one. This isn’t easy — for years worth of purchases, this would take hours or even days of time.

So, since Google doesn’t let you bulk-delete this purchases list, I decided to delete everything in my Gmail inbox. That meant removing every last message I’ve sent or received since I opened my Gmail account more than a decade ago.

Despite Google’s assurances, it didn’t work.</p>
google  gmail  purchases  data  retention  surveillance 
july 2019 by charlesarthur
Amazon confirms it keeps your Alexa recordings basically forever • Ars Technica
Kate Cox:
<p>Amazon has confirmed it hangs on to every conversation you've ever had with an Alexa-enabled device until or unless you specifically delete them.

That confirmation comes as a response to a list of questions Sen. Chris Coons (D-Delaware) sent to Amazon CEO Jeff Bezos in May expressing "concerns" about how Amazon uses and retains customers' Alexa voice assistant data.

Amazon's response to Coons, as first reported by CNET, confirms that the company keeps your data as long as it wants unless you deliberately specify otherwise.

"We retain customers' voice recordings and transcripts until the customer chooses to delete them," Amazon said—but even then there are exceptions.

Amazon, as well as third parties that deploy "skills" on the Alexa platform, keep records of interactions customers have with Alexa, the company said. If, for example, you order a pizza, purchase digital content, summon a car from a ride-hailing service, or place an Amazon order, "Amazon and/or the applicable skill developer obviously need to keep a record of the transaction," Amazon said, without clarifying the specific kind of data that's in that record.</p>
amazon  alexa  voice  surveillance 
july 2019 by charlesarthur
Superhuman is Spying on You » Mike Industries
Mike Davidson has been using Superhuman - you know, the $30 per month email service that does it all for you - for a while:
<p>when I see great design, I proactively try to spread it as far and wide as possible.

What I see in Superhuman though is a company that has mistaken taking advantage of people for good design. They’ve identified a feature that provides value to some of their customers (i.e. seeing if someone has opened your email yet) and they’ve trampled the privacy of every single person they send email to in order to achieve that. Superhuman never asks the person on the other end if they are OK with sending a read receipt (complete with timestamp and geolocation). Superhuman never offers a way to opt out. Just as troublingly, Superhuman teaches its user to surveil by default. I imagine many users sign up for this, see the feature, and say to themselves “Cool! Read receipts! I guess that’s one of the things my $30 a month buys me.”

When products are introduced into the market with behaviors like this, customers are trained to think they are not just legal but also ethical. They don’t always take the next step and ask themselves “wait, should I be doing this?” It’s kind of like if you walked by someone’s window at night and saw them naked. You could do one of two things: a) look away and get out of there, realizing you saw something that person wouldn’t want you to see, or b) keep staring, because if they really didn’t want anyone to see them, they should have closed their blinds. It’s two ways of looking at the world, and Superhuman is not just allowing for option B but <em>actively causing it to happen</em>.</p>


Tracking pixels like that aren't unique to Superhuman; PR companies use them all the time, and others too. But that's different, as Davidson explains. He deals with peoples' responses in his blogpost (including one from an investor in Superhuman), and its legal boilerplate. In short: Superhuman has been <a href="https://en.wikipedia.org/wiki/Milkshake_Duck">milkshake ducked</a>.
superhuman  email  surveillance  privacy 
july 2019 by charlesarthur
Chinese border guards put secret surveillance app on tourists' phones • The Guardian
Hilary Osborne:
<p>The Chinese government has curbed freedoms in the province for the local Muslim population, installing facial recognition cameras on streets and in mosques and reportedly forcing residents to download software that searches their phones.

An investigation by the Guardian and international partners has found that travellers are being targeted when they attempt to enter the region from neighbouring Kyrgyzstan.

Border guards are taking their phones and secretly installing an app that extracts emails, texts and contacts, as well as information about the handset itself.

Tourists say they have not been warned by authorities in advance or told about what the software is looking for, or that their information is being taken.

The investigation, with partners including Süddeutsche Zeitung and the New York Times, has found that people using the remote Irkeshtam border crossing into the country are routinely having their phones screened by guards.

Edin Omanović, of the campaign group Privacy International, described the findings as “highly alarming in a country where downloading the wrong app or news article could land you in a detention camp”.

Analysis by the Guardian, academics and cybersecurity experts suggests the app, designed by a Chinese company, searches Android phones against a huge list of content that the authorities view as problematic.</p>


For iPhones, they're plugged into a reader which scans them. On Android, the app is removed before the phone is given back - but not always. A pervasive connected device means pervasive surveillance.
china  surveillance 
july 2019 by charlesarthur
China silences podcast and music apps as online crackdown widens • TechCrunch
Rita Liao:
<p>Audio apps are flying high in China. In 2018, online listeners in the country grew 22.1% to surpass 400 million, at a rate far exceeding that of the mobile video and e-reading populations, according to market researcher iiMedia.

But the fledgling sector is taking a hit. On Friday, a total of 26 audio-focused apps were ordered to terminate, suspend services, or have talks with regulators as they were investigated and deemed to have spread “historical nihilism” and “pornography,” according to a notice posted by the Cyberspace Administration of China (CAC).

The clampdown has, in a way, been foreshadowed by a recent attack of user-generated audio content. Last month, Apple restricted Chinese users from accessing podcasts that aren’t hosted by its local partners, effectively preventing those with a Chinese Apple account from consuming content unchecked by Chinese censors.</p>


Easy to forget this is happening all the time too.
china  surveillance 
july 2019 by charlesarthur
How Amazon and the cops set up an elaborate sting operation that accomplished nothing • VICE
Caroline Haskins:
<p>For Amazon, fear is good for business.

If customers fear their neighbors, and fear they might steal a package, customers are less likely to be mad at Amazon if they don’t get a package they ordered. They’re also more likely to buy an Amazon-owned Ring doorbell camera, which is marketed as way of surveilling your stoop for package deliveries and package thieves—especially on Neighbors, the Ring-owned “neighborhood watch” app.

New documents obtained by Motherboard using a Freedom of Information request show how Amazon, Ring, a GPS tracking company, and the US Postal Inspection Service collaborated on a package sting operation with the Aurora, Colorado Police Department in December. The operation involved equipping fake Amazon packages with GPS trackers, and surveilling doorsteps with Ring doorbell cameras in an effort to catch someone stealing a package on tape.

The documents show the design and implementation of a highly elaborate public relations stunt, which was designed both to endear Amazon and Ring with local law enforcement, and to make local residents fear the place they live. The parties were disappointed when <a href="https://www.thedenverchannel.com/news/crime/aurora-police-launch-operation-to-catch-porch-pirates-this-holiday-season">the operation</a> didn’t result in any arrests.</p>
amazon  law  surveillance 
july 2019 by charlesarthur
Walmart and Amazon want to see inside your house. Should you let them? • Los Angeles Times
Sam Dean:
<p>Walmart — which is rolling out its service in Pittsburgh, Kansas City and Vero Beach, Fla., this fall — said it was too early to say how the footage would be stored and processed. But the fact that Walmart owns the in-home recording device, in contrast to the customer-owned Cloud Cam, could lead to even less accountability for how footage of customers’ homes is used.

“For these companies, it would be very difficult to resist the temptation of ‘Look, we have all this video inside people’s houses,’ ” Gillula said. “Let’s use it to train AI to recognize specific products we can recommend.”

In fact, Google last year filed a patent application laying out a system that would do exactly that.
Featuring smart speakers and cameras, Google Home competes with Amazon’s smart home suite. But, unlike Amazon, Google depends on advertising for the vast majority of its revenue.

It’s unclear whether Google is using your home as a data mine to improve its ad targeting, but in its patent, Google engineers described how that would work in detail. In-home cameras and audio sensors would look at the objects in your house, create a detailed profile of your tastes and potential desires, and then serve up ads and content that fit that profile.

In one of the patent’s example scenarios, a smart video camera sees that you have a paperback of “The Godfather” on your bedside table, then feeds that information back to a local processing hub. Some light profile-crunching later, and a notification pops up: “I noticed you have a copy of ‘The Godfather’ by your bed. The movie based on this novel is showing tonight at 9:30 PM on Channel 5.”</p>


"I notice that you have thrown the camera out of the window and disabled our ability to show you relevant adverts."
advertising  surveillance  amazon  walmart 
june 2019 by charlesarthur
2017: The CIA spied on people through their smart TVs, leaked documents reveal • VICE
Lorenzo Franceschi-Bicchierai, in March 2017:
<p>The CIA and MI5 called the project to spy on Samsung Smart TVs "Weeping Angel," perhaps a reference to Doctor Who, where weeping angels are "the deadliest, most powerful, most malevolent life-form ever produced." The malware was designed to keep the smart TVs on even when they were turned off. This was dubbed "Fake-Off mode," <a href="https://wikileaks.org/ciav7p1/cms/index.html">according to the documents</a>. The CIA hackers even developed a way to "suppress" the TVs LED indicators to improve the "Fake-Off" mode.

"Weeping Angel already hooks key presses from the remote (or TV goes to sleep) to cause the system to enter Fake-Off rather than Off," one of the leaked document reads. "Since the implant is already hooking these events, the implant knows when the TV will be entering Fake-Off mode."

After this article was published, Samsung reacted with a statement. 

"Protecting consumers' privacy and the security of our devices is a top priority at Samsung," read the statement sent via email. "We are aware of the report in question and are urgently looking into the matter."</p>


This precedes, of course, Samsung's bizarre tweet (since deleted) earlier this week about scanning your TV for malware. Maybe just unplug it?
surveillance  hacking  smarttv 
june 2019 by charlesarthur
WeChat is watching • Nautilus
Barclay Bram:
<p>At 9:27, once I’ve brushed my teeth, answered a few messages, and wiped the sleep from my eyes, I order a coffee through WeChat. There’s a payments window on the app, and when you click on it you see various options, some proprietary to WeChat and some which are independent apps that run on WeChat’s platform. I open the Meituan delivery app and scroll through all the coffee options around me. I order an Americano. I have my WeChat linked with the facial recognition scanner on my iPhone; when I pay, I just hold my phone up to my face and a green tick flicks across the screen. Seven minutes later, I get a message telling me the coffee is on the way, with the name and number of the delivery driver. It arrives at 9:53.

Before 10 on a normal day in Chengdu, WeChat knows the following things about me: It knows roughly when I wake up, it knows who has messaged me and who I message, it knows what we talk about. It knows my bank details, it knows my address and it knows my coffee preference in the morning. It knows my biometric information; it knows the very contours of my face.

But this isn’t all it knows. I use WeChat to pay my rent. I use it to pay for my utilities. I use it to top up my phone credit. I use WeChat to pay for the metro system. I use it to scan QR codes on the back of shared-bike schemes throughout the city. I use it to call cabs. It knows where I go and how I go there. I follow bloggers on it, I follow media organizations and NGOs and government offices (there are over 20 million official accounts associated with governmental institutions, agencies, or officials) and I read their content through it. It knows what academic interests I have—I’m researching mental health and I pay for and attend online courses in psychology through the app. I book movie tickets, order things through Jingdong’s page (the Chinese Amazon), and I recently downloaded a WeChat app which allows me to take a photo of a flower and have it tell me the name. It also tells me anytime it’s been mentioned in Chinese poetry.</p>


WeChat's dominance is accidental (as far as we know). And it's an absolute dream for a surveillance state. And western governments with dictatorial tendencies (basically: all of them) would love WeChat, or an equivalent, to rise in their countries.
wechat  surveillance 
june 2019 by charlesarthur
This ID scanner company is collecting sensitive data on millions of bar-goers • One Zero
Susie Cagle:
<p>mouths off to a bouncer, tags a wall, gets in a fight, or is just too drunk and disorderly. They’re not just kicked out for the night, but “eighty-sixed” — permanently banned from the establishment.

Now imagine if a bar owner could flag that ejected patron digitally, documenting their transgression for other bar owners to see and placing them on a nightlife equivalent of a no fly list that stretches across city, state, and even international borders.

PatronScan allows bars to do just that. The PatronScan kiosk, placed at the entrance of a bar or nightlife establishment, can verify whether an ID is real or fake, and collect and track basic customer demographic data. For bars, accurate ID scanners are valuable tools that help weed out underage drinkers, protecting the establishments’ liquor licenses from fines and scrupulous state alcohol boards. But PatronScan’s main selling point is security.

The system allows a business to maintain a record of bad customer behavior and flag those individuals, alerting every other bar that uses PatronScan. What constitutes “bad behavior” is at a bar manager’s discretion, and ranges from “sexual assault” to “violence” to “public drunkenness” and “other.” When a bargoer visits another PatronScan bar and swipes their ID, their previously flagged transgressions will pop up on the kiosk screen. Unless patrons successfully appeal their status to PatronScan or the bar directly, their status can follow them for anywhere from a couple weeks to a few months, to much, much longer. According to a PatronScan “Public Safety Report” from May 2018, the average length of bans handed out to customers in Sacramento, California was 19 years. (The company’s “Public Safety Report” is embedded in full below.)</p>


And of course you don't know what the company is doing with all that data because it's America, where your personal data is my potential future revenue stream.
surveillance  scanner  bar 
may 2019 by charlesarthur
Would you recognise yourself from your data? • BBC News
Carl Miller had the clever idea of getting all the data held about him, to see what it revealed - and whether it was accurate:
<p>About 1,500 of those pages were this kind of educated guesswork, all of it from companies I had never heard of before.

It's easy to find data on this scale a little alarming, but most of it I found more silly than sinister:<br />• The age of my boiler had been predicted<br />• My likelihood to be interested in gardening was 23.3%<br />• My interest in prize draws and competitions was 11%<br />• My "animal/nature awareness level" was low<br />• My consumer technology audience segmentation was described as (among other things) "young and struggling".<br />• My household was found to have no "regular interest in book reading" (I have written a book)<br />• At one moment I was a go-getter, an idea-seeker.<br />• Then I was a love aspirer, a disengaged worker, part of a group called budgeted stability or, simply, downhearted.<br />• Something I did triggered a "Netmums - women trying to conceive" event.

If this was a reflection of myself, I didn't recognise it.</p>


Not a very accurate picture, in other words. This is the world of "targeted" advertising?

And of course when he did try to get the data, in many cases he was directed to broken systems or told to send his request by snail mail. Though there's an argument that you want to make it a little harder to access that data than just downloading it, because otherwise it might be open to hackers.
data  personality  tracking  surveillance 
may 2019 by charlesarthur
SensorID: sensor calibration fingerprinting for smartphones • Cambridge Computing Lab
Jiexin Zhang, Alastair Beresford and Ian Sheret:
<p>We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint. Overall, our attack has the following advantages:

• The attack can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you<br />• The attack takes less than one second to generate a fingerprint<br />• The attack can generate a globally unique fingerprint for iOS devices<br />• The calibration fingerprint never changes, even after a factory reset<br />• The attack provides an effective means to track you as you browse across the web and move between apps on your phone.

Following our disclosure, Apple has patched this vulnerability in iOS 12.2.

…Our approach works by carefully analysing the data from sensors which are accessible without any special permissions to both websites and apps. Our analysis infers the per-device factory calibration data which manufacturers embed into the firmware of the smartphone to compensate for systematic manufacturing errors. This calibration data can then be used as the fingerprint.

We found that the gyroscope and magnetometer on iOS devices are factory calibrated and the calibration data differs from device to device. In addition, we find that the accelerometer of Google Pixel 2 and Pixel 3 can also be fingerprinted by our approach.</p>
security  iphone  ios  tracking  surveillance 
may 2019 by charlesarthur
Privacy rights and data collection in a digital economy • Idle Words
Maciej Cieglowski, who runs the Pinboard service but is also one of the clearest thinkers on the state of the internet, gave evidence last week to the US Congress. As you'd expect, it's a must-read:
<p>Until recently, even people living in a police state could count on the fact that the authorities didn’t have enough equipment or manpower to observe everyone, everywhere, and so enjoyed more freedom from monitoring than we do living in a free society today. [Note: The record for intensive surveillance in the pre-internet age likely belongs to East Germany, where by some estimates one in seven people was an informant.].

A characteristic of this new world of ambient surveillance is that we cannot opt out of it, any more than we might opt out of automobile culture by refusing to drive. However sincere our commitment to walking, the world around us would still be a world built for cars. We would still have to contend with roads, traffic jams, air pollution, and run the risk of being hit by a bus.

Similarly, while it is possible in principle to throw one’s laptop into the sea and renounce all technology, it is no longer be possible to opt out of a surveillance society.

When we talk about privacy in this second, more basic sense, the giant tech companies are not the guardians of privacy, but its gravediggers.

The tension between these interpretations of what privacy entails, and who is trying to defend it, complicates attempts to discuss regulation.

Tech companies will correctly point out that their customers have willingly traded their private data for an almost miraculous collection of useful services, services that have unquestionably made their lives better, and that the business model that allows them to offer these services for free creates far more value than harm for their customers.

Consumers will just as rightly point out that they never consented to be the subjects in an uncontrolled social experiment, that the companies engaged in reshaping our world have consistently refused to honestly discuss their business models or data collection practices, and that in a democratic society, profound social change requires consensus and accountability.</p>
Surveillance  society  google  facebook 
may 2019 by charlesarthur
Millions of people uploaded photos to the Ever app. Then the company used them to develop facial recognition tools • NBC News
Olivia Solon and Cyrus Farivar:
<p>“Make memories”: That’s the slogan on the website for the photo storage app Ever, accompanied by a cursive logo and an example album titled “Weekend with Grandpa.”

Everything about Ever’s branding is warm and fuzzy, about sharing your “best moments” while freeing up space on your phone.

What isn’t obvious on Ever’s website or app — except for a brief reference that was added to the privacy policy after NBC News reached out to the company in April — is that the photos people share are used to train the company’s facial recognition system, and that Ever then offers to sell that technology to private companies, law enforcement and the military.

In other words, what began in 2013 as another cloud storage app has pivoted toward a far more lucrative business known as Ever AI — without telling the app’s millions of users.

“This looks like an egregious violation of people’s privacy,” said Jacob Snow, a technology and civil liberties attorney at the American Civil Liberties Union of Northern California. “They are taking images of people’s families, photos from a private photo app, and using it to build surveillance technology. That’s hugely concerning.”</p>


Wonder if this is legal in Illinois?
ever  app  photos  surveillance 
may 2019 by charlesarthur
Tracking phones, Google is a dragnet for the police • The New York Times
Jennifer Valentino-DeVries:
<p>When detectives in a Phoenix suburb arrested a warehouse worker in a murder investigation last December, they credited a new technique with breaking open the case after other leads went cold.

The police told the suspect, Jorge Molina, they had data tracking his phone to the site where a man was shot nine months earlier. They had made the discovery after obtaining a search warrant that required Google to provide information on all devices it recorded near the killing, potentially capturing the whereabouts of anyone in the area.

Investigators also had other circumstantial evidence, including security video of someone firing a gun from a white Honda Civic, the same model that Mr. Molina owned, though they could not see the license plate or attacker.

But after he spent nearly a week in jail, the case against Mr. Molina fell apart as investigators learned new information and released him. Last month, the police arrested another man: his mother’s ex-boyfriend, who had sometimes used Mr. Molina’s car.

The warrants, which draw on an enormous Google database employees call Sensorvault, turn the business of tracking cellphone users’ locations into a digital dragnet for law enforcement. In an era of ubiquitous data gathering by tech companies, it is just the latest example of how personal information — where you go, who your friends are, what you read, eat and watch, and when you do it — is being used for purposes many people never expected. As privacy concerns have mounted among consumers, policymakers and regulators, tech companies have come under intensifying scrutiny over their data collection practices.</p>


Hello, Google's Location History feature - which <a href="https://www.nytimes.com/2019/04/13/technology/google-sensorvault-location-tracking.html">will collect data about your location all the time</a> (on Android) or when allowed (on iOS).

See yours: <a href="https://takeout.google.com/">https://takeout.google.com/</a>.
google  privacy  surveillance 
april 2019 by charlesarthur
Health apps pose 'unprecedented' privacy risks • BBC News
<p>Using popular health apps could mean private information about medical conditions is not kept confidential, researchers warn.
Of 24 health apps in the BMJ study, 19 shared user data with companies, including Facebook, Google and Amazon.

It warns this could then be passed on to other organisations such as credit agencies or used to target advertising.

And data was shared despite developers often claiming they did not collect personally identifiable information.

Users could be easily identified by piecing together data such as their Android phone's unique address, the study says.

"The semi-persistent Android ID will uniquely identify a user within the Google universe, which has considerable scope and ability to aggregate highly diverse information about the user," wrote co-author Dr Quinn Grundy of the Lawrence S. Bloomberg Faculty of Nursing at the University of Toronto.
"These apps claim to offer tailored and cost-effective health promotion - but they pose unprecedented risk to consumers' privacy given their ability to collect user data, including sensitive information."

The authors conclude:
• doctors need to warn patients about the threat to their privacy from using such apps<br />• regulators should consider that loss of privacy is not a fair cost for the use of digital health services.</p>
Health  apps  surveillance  data  sharing 
april 2019 by charlesarthur
Amazon workers are listening to what you tell Alexa • Bloomberg
Matt Day , Giles Turner , and Natalia Drozdiak:
<p>Amazon employs thousands of people around the world to help improve the Alexa digital assistant powering its line of Echo speakers. The team listens to voice recordings captured in Echo owners’ homes and offices. The recordings are transcribed, annotated and then fed back into the software as part of an effort to eliminate gaps in Alexa’s understanding of human speech and help it better respond to commands. 

The Alexa voice review process, described by seven people who have worked on the program, highlights the often-overlooked human role in training software algorithms. In marketing materials Amazon says Alexa “lives in the cloud and is always getting smarter.” But like many software tools built to learn from experience, humans are doing some of the teaching.

The team comprises a mix of contractors and full-time Amazon employees who work in outposts from Boston to Costa Rica, India and Romania, according to the people, who signed nondisclosure agreements barring them from speaking publicly about the program. They work nine hours a day, with each reviewer parsing as many as 1,000 audio clips per shift, according to two workers based at Amazon’s Bucharest office, which takes up the top three floors of the Globalworth building in the Romanian capital’s up-and-coming Pipera district.</p>


That is a LOT of listening. Is this another "not really AI" example?
amazon  privacy  surveillance  alexa 
april 2019 by charlesarthur
Does Google meet its users’ expectations around consumer privacy? This news industry research says no » Nieman Journalism Lab
Jason Kint:
<p>Digital Content Next surveyed a nationally representative sample1 to find out what people expect from Google — and, as with a similar study we conducted last year about Facebook, the results were unsettling.

Our findings show that many of Google’s data practices deviate from consumer expectations. We find it even more significant that consumer’s expectations are at an all-time low even after 2018, a year in which awareness around consumer privacy reached peak heights.

The results of the study are consistent with our Facebook study: People don’t want surveillance advertising. A majority of consumers indicated they don’t expect to be tracked across Google’s services, let alone be tracked across the web in order to make ads more targeted.

Q: Do you expect Google to collect data about a person’s activities on Google platforms (e.g. Android and Chrome) and apps (e.g. Search, YouTube, Maps, Waze)?<br />YES: 48%NO: 52%

Q: Do you expect Google to track a person’s browsing across the web in order to make ads more targeted?<br />YES: 43%NO: 57%

Nearly two out of three consumers don’t expect Google to track them across non-Google apps, offline activities from data brokers, or via their location history.</p>


Don't expect – or perhaps aren't aware that it's capable of doing.
google  privacy  surveillance 
april 2019 by charlesarthur
This is why we can’t have nice things • DIGITS to DOLLARS
Jay Goldberg:
<p>A decade ago, we spoke with a small handset maker in Shenzhen who sold into China’s domestic market and a half dozen random emerging markets (Ukraine, El Salvador, Uruguay, etc.). His business was always cutthroat, shipping largely $25 feature phones and $100 smartphones. Unfortunately, he did not have enough resources to be able to build his own brand. (He tried; over the years we brought him a dozen marketing text books.) At one point, he tried offering his own software service – messaging, contacts, etc. But he knew that the only path to revenue for these was through selling customer data to ad brokers and others. He told us that his customers would not mind because many of them lived in markets where the government already intruded on users’ privacy in many ways. To his credit, he was very uncomfortable with this business model and did not pursue it. He went out of business five years ago.

Some companies have managed to thrive despite this. For instance, Xiaomi makes decent margins on their phones and is overall profitable (and to their credit still breaks out their unit shipments). Xiamoi had the funds to build their own brand, and to branch out into an ecosystem of related products (home networking, fitness bands, etc.). We do not know if Xiaomi sells its users’ data, but they do install a lot of their own software on phones, trying to build an Apple-like software ecosystem lock-in.

Another way to profit in this business is to bundle phone sales with other products. For example, they can sell base stations and networking products with phones thrown in as an adder, as in “would you like fries phones with that?”. That being said, we do not know if Huawei’s handset business is actually profitable. We are not convinced that Huawei itself knows the answer to this question. Our point is just that there are someways to stay in the business.

However, for the majority of the industry, the hard, cold reality is that handset profits are non-existent. And the only way for these companies to remain viable is to sell out their users. </p>


The only exception, he notes, is Apple, which of course collects all the profits.
apple  smartphone  business  surveillance 
april 2019 by charlesarthur
South Korea spycam: hundreds of motel guests secretly filmed and live-streamed online • CNN
Sophie Jeong and James Griffiths:
<p>About 1,600 people have been secretly filmed in motel rooms in South Korea, with the footage live-streamed online for paying customers to watch, police said Wednesday.

Two men have been arrested and another pair investigated in connection with the scandal, which involved 42 rooms in 30 accommodations in 10 cities around the country. Police said there was no indication the businesses were complicit in the scheme.

In South Korea, small hotels of the type involved in this case are generally referred to as motels or inns.

Cameras were hidden inside digital TV boxes, wall sockets and hairdryer holders and the footage was streamed online, the Cyber Investigation Department at the National Police Agency said in a statement.

The site had more than 4,000 members, 97 of whom paid a $44.95 monthly fee to access extra features, such as the ability to replay certain live streams. Between November 2018 and this month, police said, the service brought in upward of $6,000.</p>


I mean, in the context of video services that's pretty pricey, isn't it. Shouldn't staying at the hotel have been free? That's normally how these surveillance services work online?
porn  korea  surveillance 
march 2019 by charlesarthur
Leaked documents show US government tracking journalists and immigration advocates through a secret database • NBC San Diego
Tom Jones:
<p>Documents obtained by NBC 7 Investigates show the US government created a secret database of activists, journalists, and social media influencers tied to the migrant caravan and in some cases, placed alerts on their passports.

At the end of 2018, roughly 5,000 immigrants from Central America made their way north through Mexico to the United States southern border. The story made international headlines. 

As the migrant caravan reached the San Ysidro Port of Entry in south San Diego County, so did journalists, attorneys, and advocates who were there to work and witness the events unfolding. 

But in the months that followed, journalists who covered the caravan, as well as those who offered assistance to caravan members, said they felt they had become targets of intense inspections and scrutiny by border officials. 

One photojournalist said she was pulled into secondary inspections three times and asked questions about who she saw and photographed in Tijuana shelters. Another photojournalist said she spent 13 hours detained by Mexican authorities when she tried to cross the border into Mexico City. Eventually, she was denied entry into Mexico and sent back to the US. 

These American photojournalists and attorneys said they suspected the US government was monitoring them closely but until now, they couldn’t prove it.</p>

This is what they warned you about: authoritarian governments misusing powers.
Trump  america  surveillance 
march 2019 by charlesarthur
Zittrain and Zuckerberg discuss encryption, ‘information fiduciaries’ and targeted ads • Harvard Law
<p>“The idea of us having a fiduciary relationship with the people who use our services is intuitive,” said Zuckerberg [interviewed by Jonathan Zittrain].  “[Facebook’s] own self-image of ourselves and what we’re doing is that we’re acting as fiduciaries and trying to build services for people. … Where this gets interesting is who gets to decide in the legal sense, or in the policy sense, of what’s in people’s best interest.”

The conversation segued into another topic area involving competing sets of interests: the use of end-to-end message encryption to make private communications inaccessible to eavesdroppers. End-to-end encryption has come under criticism for making it difficult in some cases for law enforcement agents (with the proper warrants) to access evidence locked up on devices. Zittrain raised the possibility that governments not embracing the rule of law might use their legal and technical capabilities to peek into unencrypted private communications at will. “The modern surveillance states of note in the world have a lot of arrows in their quivers… they’ve got a plan B, a plan C, and a plan D,” he said.

Zuckerberg said he is inclined to implement more end-to-end encryption. “I basically think that if you want to talk in metaphors, messaging is like people’s living room, and we definitely don’t want a society where there’s a camera in everyone’s living room,” he said.

Zittrain pointed out that people are happily installing Facebook’s own smart camera–the Portal–in their living rooms. Zuckerberg laughed. “That is I guess… yeah. Though that would be encrypted.”</p>
Zuckerberg  facebook  surveillance 
february 2019 by charlesarthur
China surveillance firm tracking millions in Xinjiang - researcher • Reuters
Cate Cadell and Philip Wen:
<p>A Chinese surveillance firm is tracking the movements of more than 2.5 million people in the far-western Xinjiang region, according to a data leak flagged by a Dutch internet expert.

An online database containing names, ID card numbers, birth dates and location data was left unprotected for months by Shenzhen-based facial-recognition technology company SenseNets Technology Ltd, according to Victor Gevers, co-founder of non-profit organisation GDI.Foundation, who first noted the vulnerability in a series of social media posts last week.

Exposed data also showed about 6.7m location data points linked to the people which were gathered within 24 hours, tagged with descriptions such as “mosque”, “hotel,” “internet cafe” and other places where surveillance cameras were likely to be found.

“It was fully open and anyone without authentication had full administrative rights. You could go in the database and create, read, update and delete anything,” said Gevers.</p>


When surveillance states get sloppy.
china  hacking  surveillance 
february 2019 by charlesarthur
Internet censorship: Facebook, Patreon will always be frustrating • Bloomberg
Tyler Cowen:
<p>Facebook recently has devoted a lot of resources to regulating speech on its platform. Yet undesired uses of the platform hardly have gone away, especially outside the U.S. Furthermore, the need for human judgment makes algorithms increasingly costly and hard to scale. As Facebook grows bigger and reaches across more regions and languages, it becomes harder to find the humans who can apply what Facebook considers to be the proper standards. 1

I’d like to suggest a simple trilemma. When it comes to private platforms and speech regulation, you can choose two of three: scalability, effectiveness and consistency. You cannot have all three. Furthermore, this trilemma suggests that we — whether as users, citizens or indeed managers of the platforms themselves — won’t ever be happy with how speech is regulated on the internet.

One view, which may appear cynical, is that the platforms are worth having, so they should appease us by at least trying to regulate effectively, even though both of us know they won’t really succeed. Circa 2019, I don’t see a better solution. Another view is that we’d be better off with how things were a few years ago, when platform regulation of speech was not such a big issue. After all, we Americans don’t flip out when we learn that Amazon sells copies of “Mein Kampf.”

The problem is that once you learn about what you can’t have — speech regulation that is scalable, consistent and hostile to bad agents — it is hard to get used to that fact. Going forward, we’re likely to see platform companies trying harder and harder, and their critics getting louder and louder.</p>


(Via Nathan Taylor's <a href="https://praxtime.com/2019/02/16/saturday-links-16-feb-2019/">fine roundup</a>.)
privacy  surveillance  culture  censorship 
february 2019 by charlesarthur
The dawn of the Little Red Phone • China Media Project
David Bandurski:
<p>The platform is interesting and significant not only for the nature of its content as reflective of a renewed push to enforce the dominance of the Party’s ideology and positions, and to consolidate the power of Xi Jinping around the developing notion of “Xi Jinping Thought,” but also for the way it reinvents the process of ideological dominance for the digital era.

This is most evident in the points system employed by the “Xi Study Strong Nation,” the way it is engineered to make demands, in actionable and measurable ways, on how Party members spend what might otherwise be considered their personal time.

The idea is that users of the platform earn points through their active engagement with the material, so that more time on the platform rewards more points. Reading one article earns you 0.1 points. Watching a single video earns you 0.1  points. And a full 30 minutes of either reading articles or viewing video content earns you a full 1.0 points. The beauty of digital media technology — disquieting for those who care about privacy and freedom from intrusion — is that our smart apps know a great deal about our actual behaviour. This means that “Xi Study Strong Nation” (and by extension the Party) cannot be bamboozled into awarding points in the absence of real engagement, meaning that you will have to not just open an article or video but will have to stick with it. The app will know if you’ve only viewed the first paragraph, or if you’ve moved away from the video. If you want to earn points (and you are probably now required to), you will have to devote your full attention to the Party.</p>

Scary. It really is 1984-style surveillance.
China  surveillance 
february 2019 by charlesarthur
Undercover agents target cybersecurity watchdog • Associated Press
Raphael Satter:
<p>The researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi’s inner circle before his gruesome death are being targeted in turn by international undercover operatives, The Associated Press has found.

Twice in the past two months, men masquerading as socially conscious investors have lured members of the Citizen Lab internet watchdog group to meetings at luxury hotels to quiz them for hours about their work exposing Israeli surveillance and the details of their personal lives. In both cases, the researchers believe they were secretly recorded.

Citizen Lab Director Ron Deibert described the stunts as “a new low.”

“We condemn these sinister, underhanded activities in the strongest possible terms,” he said in a statement Friday. “Such a deceitful attack on an academic group like the Citizen Lab is an attack on academic freedom everywhere.”

Who these operatives are working for remains a riddle, but their tactics recall those of private investigators who assume elaborate false identities to gather intelligence or compromising material on critics of powerful figures in government or business.

Citizen Lab, based out of the Munk School at the University of Toronto, has for years played a leading role in exposing state-backed hackers operating in places as far afield as Tibet , Ethiopia and Syria . Lately the group has drawn attention for its repeated exposés of an Israeli surveillance software vendor called the NSO Group, a firm whose wares have been used by governments to target journalists in Mexico , opposition figures in Panama and human rights activists in the Middle East .</p>
surveillance  government 
january 2019 by charlesarthur
Mark Zuckerberg’s empire of oily rags • Locus Magazine
Cory Doctorow:
<p>Facebook isn’t a mind-control ray. It’s a tool for finding people who possess uncommon, hard-to-locate traits, whether that’s “person thinking of buying a new refrigerator,” “person with the same rare disease as you,” or “person who might participate in a genocidal pogrom,” and then pitching them on a nice side-by-side or some tiki torches, while showing them social proof of the desirability of their course of action, in the form of other people (or bots) that are doing the same thing, so they feel like they’re part of a crowd.

Even if mind-control rays remain science fiction, Facebook and other commercial surveillance platforms are still worrisome, and not just because they allow people with extreme views to find each other…

…It’s as though Mark Zuckerberg woke up one morning and realized that the oily rags he’d been accumulating in his garage could be refined for an extremely low-grade, low-value crude oil. No one would pay very much for this oil, but there were a lot of oily rags, and provided no one asked him to pay for the inevitable horrific fires that would result from filling the world’s garages with oily rags, he could turn a tidy profit.

A decade later, everything is on fire and we’re trying to tell Zuck and his friends that they’re going to need to pay for the damage and install the kinds of fire-suppression gear that anyone storing oily rags should have invested in from the beginning, and the commercial surveillance industry is absolutely unwilling to contemplate anything of the sort. </p>

The first point is so apt. The internet joins points at the edge; it's a way to find people with a common interest. Sometimes that's good. Sometimes that's really bad.
Zuckerberg  facebook  surveillance  socialwarming 
january 2019 by charlesarthur
In China, your car could be talking to the government • Associated PREss
Erika Kinetz:
<p>When Shan Junhua bought his white Tesla Model X, he knew it was a fast, beautiful car. What he didn’t know is that Tesla constantly sends information about the precise location of his car to the Chinese government.

Tesla is not alone. China has called upon all electric vehicle manufacturers in China to make the same kind of reports — potentially adding to the rich kit of surveillance tools available to the Chinese government as President Xi Jinping steps up the use of technology to track Chinese citizens.

“I didn’t know this,” said Shan. “Tesla could have it, but why do they transmit it to the government? Because this is about privacy.”

More than 200 manufacturers, including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed electric vehicle start-up NIO, transmit position information and dozens of other data points to government-backed monitoring centers, The Associated Press has found. Generally, it happens without car owners’ knowledge.

The automakers say they are merely complying with local laws, which apply only to alternative energy vehicles. Chinese officials say the data is used for analytics to improve public safety, facilitate industrial development and infrastructure planning, and to prevent fraud in subsidy programs.</p>


<a href="http://show.evsmc.org:6064/#/national/">Have a look at the website</a> if you like. That's quite a thing.
china  surveillance  car 
december 2018 by charlesarthur
You snooze, you lose: insurers make the old adage literally true • ProPublica
Marshall Allen:
<p>[Tony] Schmidt, 59, has sleep apnea, a disorder that causes worrisome breaks in his breathing at night. Like millions of people, he relies on a continuous positive airway pressure, or CPAP, machine that streams warm air into his nose while he sleeps, keeping his airway open. Without it, Schmidt would wake up hundreds of times a night; then, during the day, he’d nod off at work, sometimes while driving and even as he sat on the toilet.

“I couldn’t keep a job,” he said. “I couldn’t stay awake.” The CPAP, he said, saved his career, maybe even his life.

As many CPAP users discover, the life-altering device comes with caveats: health insurance companies are often tracking whether patients use them. If they aren’t, the insurers might not cover the machines or the supplies that go with them.

In fact, faced with the popularity of CPAPs, which can cost $400 to $800, and their need for replacement filters, face masks and hoses, health insurers have deployed a host of tactics that can make the therapy more expensive or even price it out of reach.

Patients have been required to rent CPAPs at rates that total much more than the retail price of the devices, or they’ve discovered that the supplies would be substantially cheaper if they didn’t have insurance at all.

Experts who study health care costs say insurers’ CPAP strategies are part of the industry’s playbook of shifting the costs of widely used therapies, devices and tests to unsuspecting patients.</p>

It would be OK to check whether people are using them - but pricing them out of reach? Truly, US health insurers are the problem, not the solution.
Us  health  insurance  surveillance 
november 2018 by charlesarthur
Opinion: Bristol's new phoneboxes could end up spying on you • The Bristol Cable
Adrian Short on a plan to replace 25 BT phoneboxes with "BT InLinkUK" ones offering free calls and Wifi - with ads, and tracking:
<p>When Transport for London (TfL) trialled a similar system on the Tube in 2016, their promises of “de-personalised” data collection fell apart when someone made a Freedom of Information Act request for the data. TfL decided that releasing it would be likely to breach people’s privacy.

“No city should grant anyone blanket permission to run a surveillance system on their streets”
There are also concerns around advertising. AdBlock Bristol have objected to the plans to flood the city with more screens, saying: “People in Bristol are increasingly concerned about the ongoing commercialisation of our public spaces, particularly through digital advertising.

“The council should be listening to those concerns, not blindly allowing dozens more digital advertising screens into our city.”

Bristol needs to decide whether a proliferation of advertising screens and enabling companies like Google to track people and vehicles around the city is a price worth paying for free phone calls and wifi.

But Bristolians won’t get that chance because there is no high-level process for making that decision or blocking the system if residents don’t want it. The process we have is simply to decide 25 minor planning applications, something normally so low-level that it doesn’t even get referred to the city’s councillors.

I’ve been working with AdBlock and the design technologist Ross Atkin to persuade councillors to take responsibility for the InLink system by making these decisions themselves rather than delegating to planning officers.

Councillors should be looking at the overall effect of the network, not just the individual kiosks.</p>
bt  google  tracking  surveillance 
november 2018 by charlesarthur
Revealed: Israel's cyber-spy industry helps world dictators hunt dissidents and gays • Israel News - Haaretz.com
Hagar Shezaf and Jonathan Jacobson:
<p>the Israeli espionage industry has become the spearhead of the global commerce in surveillance tools and communications interception. Today, every self-respecting governmental agency that has no respect for the privacy of its citizens, is equipped with spy capabilities created in Herzliya Pituah.

The reports about Pegasus prompted Meretz MK Tamar Zandberg and human rights lawyer Itay Mack to go to court in 2016 with a request to suspend NSO’s export permit. At the state’s request, however, the deliberations were held in camera and a gag order was issued on the judgment. Supreme Court President Justice Esther Hayut summed up the matter by noting, “Our economy, as it happens, rests not a little on that export.”

The Defense Ministry benefits from the news blackout. Supervision takes place far from the public eye – not even the Knesset’s Foreign Affairs and Defense Committee is privy to basic details of the lion’s share of Israel’s defense exports. Contrary to the norms that exist in other democracies, the ministry refuses to disclose the list of countries to which military exports are prohibited, or the criteria and standards that underlie its decisions.

A comprehensive investigation carried out by Haaretz, based on about 100 sources in 15 countries, had as its aim lifting the veil of secrecy from commerce based on means of espionage. The findings show that Israeli industry have not hesitated to sell offensive capabilities to many countries that lack a strong democratic tradition, even when they have no way to ascertain whether the items sold were being used to violate the rights of civilians.</p>
surveillance  israel  spyware 
october 2018 by charlesarthur
Saudis tried to silence associate of Jamal Khashoggi, recordings show • The Washington Post
Loveday Morris and Zakaria Zakaria:
<p>As he criticized the Saudi leadership as a contributing columnist to The Post, [Jamal] Khashoggi had encountered the pro-government Twitter accounts that Saudi activists refer to as “the flies.”

“Jamal was insulted so much by the Saudi bots,” [exiled Saudi, Omar] Abdulaziz said. “They were focusing on Jamal as he was the voice in the Western media.”

Abdulaziz said he suggested an online countermovement. He just needed some cash to get it off the ground. “We call them ‘the fly army,’ ” he said. “We call ourselves ‘the bee army.’ ”

The plan, he recounted, was to buy SIM cards with Canadian and American numbers that Saudis inside the kingdom could use. Twitter accounts must be verified with a phone number, and activists in Saudi Arabia are scared of linking their Saudi numbers to their Twitter accounts, fearful they could be traced and arrested for being critical of the government, he said. They’d already allocated 200 SIM cards to people.  

Khashoggi had also asked Abdulaziz to help on a short film showing how the Saudi leadership was dividing the country, he said. And Khashoggi had asked for help designing a logo for a new foundation he was forming — Democracy for Arab World Now. Abdulaziz was also helping him design a website to track human rights issues.

But Khashoggi was particularly apprehensive about the SIM card project. “He told me this project is too dangerous,” Abdulaziz said. “He told me to be careful. . . . Twitter is the only platform we have, we don’t have a parliament.” 

In a June 21 message, Khashoggi wrote to Abdulaziz: “I will try to get the money. . . . We should do something. You know sometimes I’m [affected] by their attacks.”

Two days later, Abdulaziz placed an order on Amazon. He clicked a link sent to his phone to track a parcel delivery. He suspects that the action infected his phone. 

The Citizen Lab, a University of Toronto project that investigates digital espionage against civil society, warned him in August that his phone may have been hacked. Two weeks ago, the group concluded with a “high degree of confidence” that his cellphone had been targeted. The group said it believed the operator is linked to “Saudi Arabia’s government and security services.”</p>


As a reminder, <a href="https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">Apple in September 2016 issued an urgent security update to address spyware</a> that Saudi Arabia bought from an Israeli company for about $1m to infect the phone of another dissident, Ahmed Mansoor. Mohammad bin Salman, the current ruler of Saudi Arabia, didn't take over until June 2017. So this isn't new.
saudi  surveillance  spyware 
october 2018 by charlesarthur
What damage control looks like in Saudi Arabia • Bloomberg
Donna Abu-Nasr and Vivian Nereim:
<p>“I’m shaking now, literally,” says a Saudi businessman vacillating between fear and disbelief that his country might have resorted to the methods of late dictators such as Iraq’s Saddam Hussein and Libya’s Moammar Qaddafi. He spoke on condition of anonymity, a usual request nowadays in a country where the prince has been willing to detain even royals and billionaires to get his way.

Repression is key to damage control at home. A young Saudi who recently returned to the kingdom after studying abroad wrestled with how to react to the Khashoggi news before concluding he had to defend his country above all. Saudis have to side with the government no matter what, he says. As the prince consolidated power in the past two years, many in Riyadh became increasingly cautious about what they say in public. “Talking costs you dearly now,” one Saudi academic said in August after declining to meet with a Bloomberg News reporter. Those still willing to talk suggest rendezvous in secluded settings. They leave their phones behind or seal them in containers in other rooms, hoping to prevent the microphones from being used as listening devices. Sometimes they whisper in the privacy of their own homes.</p>
saudi  surveillance 
october 2018 by charlesarthur
Are New York’s free LinkNYC internet kiosks tracking your movements? • The Intercept
Ava Kofman:
<p>Plans to replace the city’s payphone booth network with Wi-Fi-enabled kiosks were first announced by de Blasio in 2014. Less than a year later, the city awarded a contract to a chameleon-like consortium of private companies known as CityBridge. It was an attractive deal: LinkNYC kiosks, at no cost to the city, would provide free internet coverage to anyone walking by. CityBridge, in turn, would be responsible for the installation, ownership, and construction of the devices, with plans to earn back its expenses through advertising. The twin 55in displays will eventually carry targeted ads derived from the information collected about kiosk users.

These terms raised alarms among internet researchers and privacy experts, who were quick to point out that nothing in life is truly free. “As we know,” Benjamin Dean, a technology policy analyst, told attendees at a New York hacking conference in 2016, “When you’re not paying, you’re not the customer — you’re the product.”

The key player in CityBridge is known as Intersection, and one of Intersection’s largest investors is Sidewalk Labs, with whom it also shares the same offices and staff. Sidewalk Labs CEO Daniel Doctoroff is the chair of Intersection’s board. Sidewalk Labs is owned by Google’s holding company, Alphabet Inc. In other words, the plan to blanket New York City with 7,500 camera-equipped obelisks has been largely underwritten by the company formerly known as Google — a corporation whose business model depends on selling your personal information to advertisers.</p>
advertising  privacy  kiosk  surveillance 
september 2018 by charlesarthur
From laboratory in far west, China's surveillance state spreads quietly • Reuters
Cate Cadell:
<p>Filip Liu, a 31-year-old software developer from Beijing, was traveling in the far western Chinese region of Xinjiang when he was pulled to one side by police as he got off a bus.

The officers took Liu’s iPhone, hooked it up to a handheld device that looked like a laptop and told him they were “checking his phone for illegal information”.

Liu’s experience in Urumqi, the Xinjiang capital, is not uncommon in a region that has been wracked by separatist violence and a crackdown by security forces.

But such surveillance technologies, tested out in the laboratory of Xinjiang, are now quietly spreading across China.

Government procurement documents collected by Reuters and rare insights from officials show the technology Liu encountered in Xinjiang is encroaching into cities like Shanghai and Beijing.

Police stations in almost every province have sought to buy the data-extraction devices for smartphones since the beginning of 2016, coinciding with a sharp rise in spending on internal security and a crackdown on dissent, the data show.

The documents provide a rare glimpse into the numbers behind China’s push to arm security forces with high-tech monitoring tools as the government clamps down on dissent…

…These sorts of scanners are used in countries like the United States but they remain contentious and security forces need to go through a lengthy legal process to be able to forcibly break into a suspect’s phone.

In China, while a number of firms say they have the ability to crack many phones, police are generally able to get users to hand over their passwords, experts say.</p>


It's very intrusive, but of course there's no way for people to protest effectively. It's claimed that it can break into iPhones - which of course you can if you get the passcode.
china  surveillance 
august 2018 by charlesarthur
Global warning: Nick Harkaway on Gnomon • Waterstones
Nick Harkaway's novel Gnomon began in 2014 as a rumination on a surveillance society, but realityt is starting to outpace its author:
<p>there’s an outer ring of surveillance which has also emerged over the last few years, and which can do similar tricks: the ring of data. We leave a trail through the world, of Internet history and store cards and credit cards and Oyster cards. Your supermarket knows you’re worried about staying healthy because you buy vitamins; they know you’re trying to get pregnant because you’ve changed your purchase; that you’ve succeeded; that it’s a boy; that it’s a girl; that it’s twins. Or they know to a reasonable percentage of certainty, and their model of you changes with those assumptions so that you get offered different things. So that they can persuade you to buy things. So that they can, to some degree, control your choices.

So that you can be "ground honest" [the purpose of the panopticon] - or in this case, ground into buying a more expensive brand of formula milk. Or trainers. Or birth control. Whatever it is that you want, they know you want it - sometimes before you do.

The inner and outer layers of surveillance - the brain and the cloud - give away intimate secrets. They allow the state and the commercial sector to know things which, if someone were simply watching you with a long lens, you would consider grossly inappropriate and probably criminal.

And these things are in their infancy. They have barely begun to take hold. A decade ago we swam in a sea of chaotic data and our minds were opaque. The day after tomorrow we’ll be, effectively, in a transparent glass tank, and our minds will legible. Employers - already keen to watch workers in the workplace both physically and digitally - will begin to ask you to sit for direct assessments. Are you loyal, enthused, considering a move? Are you thinking of joining a union? Starting one? Are you a troublemaker? Are your values in line with the company’s? 

Before you say "that will never happen," stop and understand that to a great extent it already does in many industries, just without the new technology to make it more straightforward.</p>
Surveillance  society 
july 2018 by charlesarthur
How Smart TVs in millions of US homes track more than what’s on tonight • The New York Times
Sapna Maheshwari:
<p>Samba TV is one of the bigger companies that track viewer information to make personalized show recommendations. The company said it collected viewing data from 13.5m smart TVs in the United States, and it has raised $40m in venture funding from investors including Time Warner , the cable operator Liberty Global and the billionaire Mark Cuban.

Samba TV has struck deals with roughly a dozen TV brands — including Sony, Sharp, TCL and Philips — to place its software on certain sets. When people set up their TVs, a screen urges them to enable a service called Samba Interactive TV, saying it recommends shows and provides special offers “by cleverly recognizing onscreen content.” But the screen, which contains the enable button, does not detail how much information Samba TV collects to make those recommendations.

Samba TV declined to provide recent statistics, but one of its executives said at the end of 2016 that more than 90% of people opted in.

Once enabled, Samba TV can track nearly everything that appears on the TV on a second-by-second basis, essentially reading pixels to identify network shows and ads, as well as programs on Netflix and HBO and even video games played on the TV. Samba TV has even offered advertisers the ability to base their targeting on whether people watch conservative or liberal media outlets and which party’s presidential debate they watched.

The big draw for advertisers — which have included Citi and JetBlue in the past, and now Expedia — is that Samba TV can also identify other devices in the home that share the TV’s internet connection.

Samba TV, which says it has adhered to privacy guidelines from the Federal Trade Commission, does not directly sell its data. Instead, advertisers can pay the company to direct ads to other gadgets in a home after their TV commercials play, or one from a rival airs. Advertisers can also add to their websites a tag from Samba TV that allows them to determine if people visit after watching one of their commercials.</p>


"More than 90% of people opted in". Yeah, sure. They clicked "I agree" to make it go away.
smarttv  surveillance  business 
july 2018 by charlesarthur
Amazon teams up with law enforcement to deploy dangerous new face recognition technology • ACLU of Northern CA
<p>Marketing materials and documents obtained by ACLU affiliates in three states reveal a product that can be readily used to violate civil liberties and civil rights. Powered by artificial intelligence, <a href="https://aws.amazon.com/rekognition/">Rekognition</a> can identify, track, and analyze people in real time and recognize up to 100 people in a single image. It can quickly scan information it collects against databases featuring tens of millions of faces, according to Amazon.

Amazon is marketing Rekognition for government surveillance. According to its marketing materials, it views deployment by law enforcement agencies as a “common use case” for this technology. Among other features, the company’s materials describe “person tracking” as an “easy and accurate” way to investigate and monitor people. Amazon says Rekognition can be used to identify “people of interest” raising the possibility that those labeled suspicious by governments — such as undocumented immigrants or Black activists — will be seen as fair game for Rekognition surveillance. It also says Rekognition can monitor “all faces in group photos, crowded events, and public places such as airports” — at a time when Americans are joining public protests at unprecedented levels.

Amazon’s Rekognition raises profound civil liberties and civil rights concerns. Today, the ACLU and a coalition of civil rights organizations demanded that Amazon stop allowing governments to use Rekognition.</p>


I think this horse has long since left the stable. If not Amazon, then it will be Facebook; or a Chinese company; or someone else. We're already in the age of facial recognition; it's just going to get better.
amazon  biometrics  surveillance  police 
may 2018 by charlesarthur
Palantir knows everything about you • Bloomberg Businessweek
Peter Waldman, Lizette Chapman, and Jordan Robertson offer a huge rundown on Peter Thiel's data-gathering company, which does work mostly for law enforcement and finance (it seems); this little example from Los Angeles where the LAPD is using its "Gotham" system points to the problems:
<p>In 2016, [22-year-old Manuel] Rios was sitting in a parked car with an Eastside 18 [gang] friend when a police car pulled up. His buddy ran, pursued by the cops, but Rios stayed put. “Why should I run? I’m not a gang member,” he says over steak and eggs at the IHOP near his home. The police returned and handcuffed him. One of them took his picture with a cellphone. “Welcome to the gang database!” the officer said.

Since then he’s been stopped more than a dozen times, he says, and told that if he doesn’t like it he should move. He has nowhere to go. His girlfriend just had a baby girl, and he wants to be around for them. “They say you’re in the system, you can’t lie to us,” he says. “I tell them, ‘How can I be in the hood if I haven’t got jumped in? Can’t you guys tell people who bang and who don’t?’ They go by their facts, not the real facts.”

The police, on autopilot with Palantir, are driving Rios toward his gang friends, not away from them, worries Mariella Saba, a neighbor and community organizer who helped him get off meth. When whole communities like East L.A. are algorithmically scraped for pre-crime suspects, data is destiny, says Saba. “These are systemic processes. When people are constantly harassed in a gang context, it pushes them to join. They internalize being told they’re bad.”</p>


You don't finish this thinking that Palantir are on the up and up.
privacy  surveillance  palantir 
april 2018 by charlesarthur
Alibaba invests in Chinese facial-recognition startup • WSJ
Liza Lin:
<p>Alibaba’s share in the $600m Series C funding round wasn’t disclosed. Other investors include Singapore state investment company Temasek Holdings Pte. Ltd. and Chinese electronics retailer Suning.com Co.

Founded in 2014, SenseTime is among a handful of Chinese AI startups that got their start selling facial-recognition systems to local police agencies. With a vast network of surveillance cameras, China is using facial recognition to identify criminal suspects as well as to influence behavior, such as discouraging jaywalking.

The technology also has commercial applications, with some companies now using it instead of badges to grant employees access to their workplaces. Mr. Xu said SenseTime would use the new funding to focus on expanding the technology’s commercial applications and AI capabilities.

SenseTime is also developing algorithms for autonomous driving, as a partner with Honda Motor Co. , and is working with Shanghai’s government to use AI to ease traffic congestion.</p>


SenseTime is quite creepy: the way the Chinese government is using it to monitor people in real time is really freaky.
alibaba  sensetime  video  surveillance 
april 2018 by charlesarthur
The house that spied on me • Gizmodo
Kashmir Hill and Surya Matta:
<p>
Matta: Yes, I am basically Kashmir’s sentient home. Kashmir wanted to know what it would be like to live in a smart home and I wanted to find out what the digital emissions from that home would reveal about her. Cybersecurity wasn’t my focus. (I wasn’t interested in hacking her sex toy or any of her other belongings.) Privacy was. What could I tell about the patterns of her and her family’s life by passively gathering the data trails from her belongings? How often were the devices talking? Could I tell what the people inside were doing on an hourly basis based on what I saw?

Using a Raspberry Pi computer, I built a router with a Wi-Fi network called “iotea” (I’m not very good at naming things) to which Kashmir connected all of her devices, so that I could capture the smart home’s network activity. In other words, I could see every time the devices were talking to servers outside the home.

I had the same view of Kashmir’s house that her Internet Service Provider (ISP) has. After Congress voted last year to allow ISPs to spy on and sell their customers’ internet usage data, we were all warned that the ISPs could now sell our browsing activity, or records of what we do on our computers and smartphones. But in fact, they have access to more than that. If you have any smart devices in your home—a TV that connects to the internet, an Echo, a Withings scale—your ISP can see and sell information about that activity too. With my “iotea” router I was seeing the information about Kashmir and her family that Comcast, her ISP, could monitor and sell.</p>

All very scary, really. And inconvenient: she needed 14 different apps (and accounts) to control it all, and the lights wouldn't listen to the Alexa, and "smart coffee was also a world of hell". (The dream of making-coffee-at-a-distance just won't go away.)
surveillance  iot 
february 2018 by charlesarthur
Apple Watch hits cellular snag in China • WSJ
Yang Jie and Yoko Kubota:
<p>For the first time, the Apple Watch can have an independent cellular connection, allowing people to use it to make voice calls, send and receive text and data even if the watch isn’t wirelessly connected to an iPhone.

But in China, the feature was abruptly cut off for new subscribers, without explanation, after a brief availability with one telecom company.

Industry analysts say the suspension likely stemmed from Chinese government security concerns to do with tracking users of the device, which uses different technology than standard mobile phones.

China strictly regulates mobile phones and all three major telecom service providers are state-owned companies. To get a SIM—subscriber identity module—card to operate the phone, users must register under their real names with a network carrier.

The latest Apple Watch poses a challenge to the existing user identification system, industry analysts said. The watch contains a new and tiny version of the SIM card, called embedded SIM, or eSIM. The eSIM is embedded in the watch by Apple, not by carriers.

The benefit of a device carrying an eSIM is that, with software, users can choose a telecom operator and a communications plan. But in China, that new system raises the question of how carriers and regulators can track the device user’s identity.

“The eSIM (system) isn’t mature enough yet in China,” one analyst said. “The government still needs to figure out how they can control the eSIM.”</p>


Just in case anyone needed a riposte to some of the articles that have been running suggesting China is a wonderful place to be.
china  applewatch  surveillance 
october 2017 by charlesarthur
Want to see something crazy? Open this link on your phone with WiFi turned off • Medium
Philip Neustrom:
<p>Want to see something crazy? Open this link on your phone with WiFi turned off:
<a href="https://bit.ly/crazymobiledemo">https://bit.ly/crazymobiledemo</a>

Click “Begin,” enter the ZIP code and then click “See Underlying Data.”

What you should see is your home address, phone number, cell phone contract details, and — depending on what kind of cell phone towers you’re currently connected to — a latitude and longitude describing the current location of your cell phone…

…In 2003, news came to light that AT&T was providing the DEA and other law enforcement agencies with no-court-warrant-required access to real time cell phone metadata. This was a pretty big deal at the time.

But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.

Given the trivial “consent” step required by these services and unlikely audit controls, it appears that these services could be used to track or de-anonymize nearly anyone with a cell phone in the United States with potentially no oversight.</p>


I haven't confirmed that this works (because I'm not in the US). But others are very worried by it.
privacy  wireless  surveillance 
october 2017 by charlesarthur
Following heavy criticism, OnePlus makes changes to its data collection policy • AndroidAuthority
Brian Reigh:
<p>the company’s co-founder has taken to the official OnePlus forum to address some of the concerns. Specifically, Carl Pei says that there will be some much-needed changes in how the company collects user data in the future:
<p>By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program. The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.</p>


Pei emphasizes again that for existing users, usage analytics collection can be turned off by going into Settings – Advanced – Join user experience program. For new users, you will have the option to disable it during the initial setup.

Not to condone the company’s unauthorized collection of personal data, but information like reboot and charging timestamps could be useful for “after-sales support” indeed. However, I can’t help but conclude that the collection of phone numbers, MAC addresses, and Wi-Fi information was, plainly put, gross misconduct on the company’s part. And Pei’s simply stating that the company would stop collecting the said data from now on doesn’t absolve him from his duty owed to consumers to explain why it was necessary in the first place.</p>


Reigh has said it all. Just stop collecting this data now.
oneplus  surveillance 
october 2017 by charlesarthur
Google is permanently removing Home Mini’s top touch functionality due to always-recording bug • 9to5Google
Justin Duino:
<p>On October 10, Google confirmed that one of the Home Mini’s features — the ability to trigger Assistant by tapping on the top of the speaker — was defective on a select number of units. As the bug was causing the smart speaker to essentially listen and record its surroundings 24/7, Google quickly pushed out an update to disable this feature.

Google has now reached out to let us know that it has permanently removed the Assistant-specific touch functionality and will not bring it back…
<p>We take user privacy and product quality concerns very seriously. Although we only received a few reports of this issue, we want people to have complete peace of mind while using Google Home Mini.

We have made the decision to permanently remove all top touch functionality on the Google Home Mini. As before, the best way to control and activate Google Home Mini is through voice, by saying “Ok Google” or “Hey Google,” which is already how most people engage with our Google Home products. You can still adjust the volume by using the touch control on the side of the device.</p>
</p>


This stemmed from the experience of Artem Russakovskii of Android Police, as <a href="http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/">noted here last week</a>. Google should probably be glad he discovered it: imagine the outcry if it had gone into full production with this happening.
googlehome  mini  recording  surveillance 
october 2017 by charlesarthur
Google is nerfing all Home Minis because mine spied on everything I said 24/7 [Update] • Android Police
Artem Russakovskii:
<p>Without fail, every time a new listening device comes to market, some tinfoil hat-wearer points out how perfect they would be as modern-day Trojan horses for any of the three-letter acronym organizations - NSA, CIA, FBI - you name it. Manufacturers, on their part, assure us their devices are perfectly safe and only listen when prompted. We brush the concerns off and move on with our lives, but not before granting our smart pineapples (did you know "pineapple" is the codename for Google Home?) access to the smart rice maker, smart vacuum, and smart toothbrush.

I didn't give too much thought to these privacy concerns because they all sounded theoretical and unlikely. My four Google Homes and three Echos sat quietly on their respective desks and counters, and only turned on when one of three things happened:

• I called out a hotword (Alexa for Echos and Hey or OK Google for Homes).<br />• A video I was watching or podcast I was listening to did this (I'm looking at you, Marques!)<br />• They heard a noise or word that they thought sounded like a hotword but in reality was not. This happened once or twice every few days.

That is until last week, when a 4th case came along - 24/7 recording, transmission to Google's servers, and storing on them of pretty much everything going on around my Home Mini, which I had just received at the Made by Google October 4th launch event.</p>


The Home Mini was recording <em>everything</em>, and storing it on Google's servers. Google says it was a hardware flaw on the batches given out at the "Made by Google" events introducing this. Russakovskii estimates that's at least 4,000 of them. It has disabled the long-press functionality as a result.
googlehome  surveillance 
october 2017 by charlesarthur
Even this data guru is creeped out by what anonymous location data reveals about us • Fast Company
DJ Pangburn:
<p>Last fall [Buzzfeed vp of data science, Gilad] Lotan taught a class at New York University on surveillance that kicked off with an assignment like the one I’d given him: link anonymous location data with other data sets–from LinkedIn, Facebook, home registration and mortgage records, and other online data.

“It’s not hard to figure out who this [unnamed] person is,” says Lotan. In class, students found that tracking location data around holidays proved to be the easiest way to determine who, exactly, the data belonged to. “Basically,” he says, “visits to private homes that are owned and publicly registered.”

In 2013, researchers at MIT and the Université Catholique de Louvain in Belgium published a paper reporting on 15 months of study of human mobility data for over 1.5 million individuals. What they found is that only four spatio-temporal points are required to “uniquely identify 95% of the individuals.” The researchers concluded that there was very little privacy even in raw location data. Four years later, their calls for policies rectifying concerns about location tracking have fallen largely on deaf ears.

Lotan worries about the availability of the data. “I think something that is important to tell in this story is how many services have access to this information.”

“There are so many apps on an iPhone that run in the background and persistently track your location. They tell you that, but most people don’t know.”

Some apps do it even when you’ve specifically denied them access (see Accuweather); some have stopped tracking you when you’re not using them but only after user protest (see, recently, Uber). And see the bottom of the story for tips on how to protect yourself.</p>


The tips are basically "turn off location tracking". (Lotan has previously figured here on the topics of <a href="https://points.datasociety.net/fake-news-is-not-the-problem-f00ec8cdfcb#.d0f75w6rj">fake news</a>, <a href="https://medium.com/i-data/trumpwon-trend-vs-reality-16cec3badd60#.z1zmwrxz5">fake claims over Twitter bots</a>, and the <a href="http://boingboing.net/2015/03/08/imaginary-isis-attack-on-louis.html">strange case of the imaginary Isis attack in Louisiana</a>.)
location  tracking  surveillance 
september 2017 by charlesarthur
He turned his home into a reality television show • The New York Times
Farhad Manjoo is "that guy":
<p>Q: What new tech product are you currently obsessed with using at home? What do you and your family do with it?

FM: This is going to sound weird, but I’m a strange person. I have two kids, ages six and three, and for the last few years I’ve been mourning their loss of childhood. Every day they get a little bit older, and even though my wife and I take lots of photos and videos of them, I can’t shake the feeling that we’re losing most of the moments of their lives.

So last summer, after some intense lobbying of my wife, I did something radical: I installed several cameras in my living room and dining room to record everything we did at home for posterity. In other words, I created a reality show in my house.

In practice, it works like this: The cameras are motion-activated and connected to servers in the cloud. Like security cameras in a convenience store, they are set to record on a constant loop — every video clip is saved for a few days, after which it’s automatically deleted, unless I flag it for long-term keeping.

Yes, this system sets up a minefield of potential problems: We turn off the cameras when we have guests (it’s unethical to record people without their consent) and we don’t spy on each other. There are also security concerns. I’m not going to disclose the brand of the cameras I used because I don’t want to get hacked. The safety of internet-of-things devices are generally not airtight.

And yet I’ve found these cameras to be just wonderful at capturing the odd, beautiful, surprising, charming moments of life that we would never have been able to capture otherwise. Every time the kids say something hilarious or sweet, or do something for the first time, I make a note of the time and date. Later on, I can go and download that exact clip, to keep forever. I’ve already got amazing videos of weeknight dinners, of my wife and I watching the news on election night, of my son learning to play Super Mario Brothers, and my kids having a dance party to their favorite music.

When I’m 80 and the robots have taken over, I’ll look back on these and remember that life was good, once.</p>


Not sure how I feel about this. (Our kids are all well into double figures, and our memories have recovered from the sleep deprivation.)
technology  surveillance 
march 2017 by charlesarthur
DC police surveillance cameras were infected with ransomware before inauguration • Ars Technica
Sean Gallagher:
<p>Networked digital video recorders have been harnessed for all sorts of ill intent over the past few months, including use in a botnet that disrupted large swaths of the Internet. But a different sort of malware hit the DVRs used by the District of Columbia’s closed-circuit television (CCTV) surveillance system just one week before Inauguration Day. The Washington Post reports that 70% of the DVR systems used by the surveillance network were infected with ransomware, rendering them inoperable for four days and crippling the city’s ability to monitor public spaces.

The CCTV system, operated by the District’s Metropolitan Police Department and supported by the DC Office of the Technology Officer (OCTO), began to be affected on January 12. Police noticed they could not access video from four DVRs. Washington DC Chief Technology Officer Archana Vemulapalli told the Post that two forms of malware were found on the four systems, and a system-wide sweep discovered additional DVR clusters that were infected.

The infections were limited to the local networks that the DVRs ran on, and this ransomware did not extend to the District’s internal networks.</p>


(Gallagher's report has more detail than the WaPo one, which is why I used it.) Surprised the White House press secretary hasn't used this as an excuse for the tiny inauguration numbers yet.
surveillance  ransomware 
january 2017 by charlesarthur
CJEU judgment in Watson • Independent Reviewer of Terrorism Legislation
David Anderson is the UK's IRoTL; here he looks at the Court of Justice for the EU (the highest European Court) in the case brought by David Davis (a Tory MP, now member of the UK government) and Tom Watson (Labour MP, still in Opposition) over Theresa May's (was Home Secretary, now Prime Minister) use of data retention:
<p>The wider significance of the Grand Chamber’s judgment is in its ruling that the whole principle of  what it called “general and indiscriminate retention” (para 97) is contrary to EU law – specifically the Charter of Fundamental Rights.

The proven utility of existing data retention powers is likely to mean that this bold judgment of the CJEU – based on its assessment  that these powers constitute a “particularly serious” interference with privacy rights, and are “likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance” (para 100) – will be of serious concern to law enforcement both in the UK and in other Member States.

The comments of the CJEU in relation to the seriousness of the interference with privacy are not mirrored in the three parliamentary and expert reports which led to the introduction of the Investigatory Powers Bill, nor in the regular reports of the Interception of  Communications Commissioner, the senior former Judge who conducts detailed oversight of this activity in the UK.  This may reflect what I have previously described as “marked and consistent differences of opinion between the European Courts and the British judges … which owe something at least to varying perceptions of police and security forces and to different (but equally legitimate) conclusions that are drawn from 20th century history in different parts of Europe” (A Question of Trust, 2.24).</p>


As you might imagine, there's a lot more, but this is the meat and potatoes of it, and simply digestible.
dataretention  surveillance 
december 2016 by charlesarthur
Who will command the robot armies? • Idle Words
Maciej Ceglowski, from a talk he gave in Australia:
<p>What both these places [Dubai and Singapore] have in common is that they had some kind of plan. As Walter Sobchak put it, say what you will about social control, at least it's an ethos.

The founders of these cities pursued clear goals and made conscious trade-offs. They used modern technology to work towards those goals, not just out of a love of novelty.

We [in the US], on the other hand, didn't plan a thing.

We just built ourselves a powerful apparatus for social control with no sense of purpose or consensus about shared values.

Do we want to be safe? Do we want to be free? Do we want to hear valuable news and offers?

The tech industry slaps this stuff together in the expectation that the social implications will take care of themselves. We move fast and break things.

Today, having built the greatest apparatus for surveillance in history, we're slow to acknowledge that it might present some kind of threat.</p>


He's never less than thought-provoking, and some of the passing jokes are excellent.
surveillance  society 
november 2016 by charlesarthur
Britain has passed the 'most extreme surveillance law ever passed in a democracy' • ZDNet
Zack Whittaker:
<p>It's 2016 going on 1984.

The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous". The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government.

Four years and a general election later - May is now prime minister - the bill was finalized and passed on Wednesday by both parliamentary houses. But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online".

It's no wonder, because it basically does.

The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand - though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch…

…The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".</p>


The "decryption on demand" simply can't be done. The "new security features" is likely to give GCHQ the chance to think whether it can exploit it - though there'll be nothing there which an alert intelligence agency wouldn't already know about; it's more to give them something to accuse companies of.

The government will suggest that the new powers are necessary to "stop terrorism". We'll see whether it has any cases it can point to in a few years' time that flowed from this.
privacy  uk  surveillance 
november 2016 by charlesarthur
Sweden bans cameras on drones • BBC News
<p>The use of camera drones has been made illegal in Sweden unless they are granted a special surveillance permit.

Under <a href="http://www.hogstaforvaltningsdomstolen.se/Om-Hogsta-forvaltningsdomstolen/Nyheter-fran-Hogsta-forvaltningsdomstolen/Tillstand-kravs-for-kamera-pa-en-dronare-men-inte-for-kamera-i-en-bil/">new rules</a> set down by the Supreme Administrative Court of Sweden, camera drones qualify as surveillance cameras and require a licence.

Permits can be expensive and paying to apply for one does not guarantee it will eventually be granted.

There are no exceptions made for journalists, and critics have said the ruling could mean job losses.

In what some are describing as a "huge blow" to the aerial photography and camera drone industry, the court ruled that drone-mounted cameras are "regarded as surveillance cameras".

Industry group UAS Sweden (Unmanned Aerial System) has argued that the court ruling could put 5,000 jobs in danger.</p>


Petapixel says more than 20,000 drones were sold in Sweden in 2014, and more than 1,000 permits for commercial use.
privacy  surveillance  sweden  drones 
october 2016 by charlesarthur
How a facial recognition mismatch can ruin your life • The Intercept
Ava Kofman:
<p>In 2009, following the National Academy of Sciences’ call for stricter scientific standards to underpin forensic techniques, the FBI formed the Facial Identification Scientific Working Group to recommend uniform standards and best practices for the subjective practice of facial comparison. But the working group’s mission soon ran up against an objective difficulty: Like some other forensic sciences, facial comparison lacks a statistical basis from which its conclusions may be drawn.

This is, in part, because no one knows the probability of a given feature’s distinctiveness. As a FAVIAU slide on the “Individualization of People from Images” explained, “Lack of statistics means: conclusions are ultimately opinion-based.” To remedy this flaw, a 2008 FBI report recommended that the agency undertake research to quantify the frequency of facial features. But such efforts, which have been underway since at least the late 19th century, have so far proved inconclusive.

“What is similar enough? Nobody can tell you. It’s in the eye of the beholder,” said Itiel Dror, a cognitive neuroscientist at University College London. “You need to know that if this person has a right nostril bigger than the left nostril, are the chances one out of a million or is it every second person?”</p>
privacy  surveillance  facialrecognition 
october 2016 by charlesarthur
Facebook, Instagram, and Twitter provided data access for a surveillance product marketed to target activists of color • ACLU of Northern California
Matt Cagle of the American Civil Liberties Union:
<p>The ACLU of California has obtained records showing that Twitter, Facebook, and Instagram provided user data access to Geofeedia, a developer of a social media monitoring product that <a href="https://medium.com/@ACLU_NorCal/police-use-of-social-media-surveillance-software-is-escalating-and-activists-are-in-the-digital-d29d8f89c48#.fowkro6dy">we have seen marketed to law enforcement as a tool to monitor activists and protesters</a>.

We are pleased that after we reported our findings to the companies, Instagram cut off Geofeedia’s access to public user posts, and Facebook has cut its access to a topic-based feed of public user posts. Twitter has also taken some recent steps to rein in Geofeedia though it has not ended the data relationship.

Further steps are required if these companies are to live up to their principles and policies by protecting users of all backgrounds engaging in political and social discourse. So today the ACLU of California, the Center for Media Justice, and Color of Change are calling on Twitter, Facebook and Instagram to commit to concrete changes to better protect users going forward. Read our letters <a href="https://www.aclunc.org/sites/default/files/20161010_ACLU_CMJ_Color_of_Change_Joint_letter_Twitter.pdf">here</a> and <a href="https://www.aclunc.org/sites/default/files/20161010_ACLU_CMJ_Color_of_Change_Joint_letter_Facebook_Instagram.pdf">here</a>. 

We first learned about these agreements with Geofeedia from<a href="https://www.aclunc.org/sites/default/files/20160921_Social_Media_Surveillance_PRA_Summary.pdf"> responses to public records requests to 63 California law enforcement agencies</a>. These records revealed the fast expansion of social media surveillance with little-to-no debate or oversight.</p>


This is a natural, logical spinoff of the surveillance implicitly embedded in targeted advertising-based products. Problem for Twitter et al: how do you know whether a third party which buys access to your API isn't using it like this?
socialmedia  surveillance 
october 2016 by charlesarthur
Remarks at the SASE panel on the moral economy of tech • Idle Words
The majestic Maciej Ceglowski:
<p>treating the world as a software project gives us a rationale for being selfish. The old adage has it that if you are given ten minutes to cut down a tree, you should spend the first five sharpening your axe. We are used to the idea of bootstrapping ourselves into a position of maximum leverage before tackling a problem.

In the real world, this has led to a pathology where the tech sector maximizes its own comfort. You don't have to go far to see this. Hop on BART after the conference and take a look at Oakland, or take a stroll through downtown San Francisco and try to persuade yourself you're in the heart of a boom that has lasted for forty years. You'll see a residential theme park for tech workers, surrounded by areas of poverty and misery that have seen no benefit and ample harm from our presence. We pretend that by maximizing our convenience and productivity, we're hastening the day when we finally make life better for all those other people.

Third, treating the world as software promotes fantasies of control. And the best kind of control is control without responsibility. Our unique position as authors of software used by millions gives us power, but we don't accept that this should make us accountable. We're programmers—who else is going to write the software that runs the world? To put it plainly, we are surprised that people seem to get mad at us for trying to help.

Fortunately we are smart people and have found a way out of this predicament. Instead of relying on algorithms, which we can be accused of manipulating for our benefit, we have turned to machine learning, an ingenious way of disclaiming responsibility for anything. Machine learning is like money laundering for bias. It's a clean, mathematical apparatus that gives the status quo the aura of logical inevitability. The numbers don't lie.</p>


He then goes much deeper into the darker potential for "surveillance capitalism" - especially under Trump, or Clinton, or even the Polish government of his homeland.
computing  culture  ethics  privacy  surveillance 
june 2016 by charlesarthur
Google and Microsoft have made a pact to protect surveillance capitalism » The Guardian
Julia Powles on the surprising (to many) decision by Microsoft to withdraw from antitrust complaints and lobbying against Google:
<p>Microsoft today is facing a very different business ecosystem to the one it dominated in the 1990s. It needs to adapt. And it appears to want to do so by positioning itself at the heart of what Satya Nadella describes as “systems of intelligence”.

Explaining this concept at Hannover Messe 2016, Nadella defined systems of intelligence as cloud-enabled digital feedback loops. They rely on the continuous flow of data from people, places and things, connected to a web of activity. And they promise unprecedented power to reason, predict and gain insight.

This is <a href="https://www.theguardian.com/technology/2015/jul/15/internet-of-things-mass-surveillance">unbridled Big Data utopianism</a>. And it is a vision that brings Microsoft squarely into Google territory. So maybe Microsoft is pulling out of regulatory battles because it doesn’t want to shoot itself in the foot. For emeritus Harvard Business School professor <a href="http://shoshanazuboff.com/">Shoshana Zuboff</a>, this gets to the core of the Google-Microsoft deal.

Zuboff is a <a href="http://www.theguardian.com/commentisfree/2016/may/01/profits-perils-drilling-data-oil-surveillance-online-information">leading critic</a> of what she calls “surveillance capitalism”, the <a href="http://www.faz.net/aktuell/feuilleton/debatten/the-digital-debate/shoshana-zuboff-secrets-of-surveillance-capitalism-14103616.html">monetization of free behavioral data acquired through surveillance and sold on to entities with an interest in your future behaviour</a>. As she explained to the Guardian: “Google discovered surveillance capitalism. Microsoft has been late to this game, but it has now waded in. Viewed in this way, its agreement with Google is predictable and rational.”</p>
microsoft  google  surveillance 
may 2016 by charlesarthur
US government pushed tech firms to hand over source code » ZDNet
Terrific scoop by Zack Whittaker:
<p>The US government has made numerous attempts to obtain source code from tech companies in an effort to find security flaws that could be used for surveillance or investigations.

The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We're not naming the person as they relayed information that is likely classified.

With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing "most of the time."

When asked, a spokesperson for the Justice Dept. acknowledged that the department has demanded source code and private encryption keys before. In a recent filing against Apple, the government cited a 2013 case where it won a court order demanding that Lavabit, an encrypted email provider said to have been used by whistleblower Edward Snowden, must turn over its source code and private keys.</p>


The fact that Justice Department says it might demand the same from Apple does slightly imply that it doesn't have it already.
apple  us  fisa  surveillance 
march 2016 by charlesarthur
Secret memo details US’s broader strategy to crack phones » Bloomberg Business
Terrific scoop by Michael Riley and Jordan Robertson:
<p>In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.

The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.</p>
apple  encryption  surveillance 
february 2016 by charlesarthur
The colour of surveillance » Slate
Alvaro Bedoya:
<p>The FBI has a lead. A prominent religious leader and community advocate is in contact with a suspected sleeper agent of foreign radicals. The attorney general is briefed and personally approves wiretaps of his home and offices. The man was born in the United States, the son of a popular cleric. Even though he’s an American citizen, he’s placed on a watchlist to be summarily detained in the event of a national emergency. Of all similar suspects, the head of FBI domestic intelligence thinks he’s “the most dangerous,” at least “from the standpoint of … national security.”

Is this a lone wolf in league with foreign sponsors of terrorism? No: This was the life of Martin Luther King Jr. That FBI assessment was dated Aug. 30, 1963—two days after King told our country that he had a dream…

…Across our history and to this day, people of color have been the disproportionate victims of unjust surveillance; Hoover was no aberration. And while racism has played its ugly part, the justification for this monitoring was the same we hear today: national security.

The FBI’s violations against King were undeniably tinged by what historian David Garrow has called “an organizational culture of like-minded white men.” But as Garrow and others have shown, the FBI’s initial wiretap requests—and then–Attorney General Robert Kennedy’s approval of them—were driven by a suspected tie between King and the Communist Party. It wasn’t just King; Cesar Chavez, the labor and civil rights leader, was tracked for years as a result of vague, confidential tips about “a communist background,” as were many others.</p>
history  surveillance 
february 2016 by charlesarthur
Vigilant solutions and the spread of police surveillance » The Atlantic
Conor Friedersdorf:
<p>Throughout the United States—outside private houses, apartment complexes, shopping centers, and businesses with large employee parking lots—a private corporation, Vigilant Solutions, is taking photos of cars and trucks with its vast network of unobtrusive cameras. It retains location data on each of those pictures, and sells it.

It’s happening right now in nearly every major American city.

The company has taken roughly 2.2bn license-plate photos to date. Each month, it captures and permanently stores about 80m additional geotagged images. They may well have photographed your license plate. As a result, your whereabouts at given moments in the past are permanently stored. Vigilant Solutions profits by selling access to this data (and tries to safeguard it against hackers). Your diminished privacy is their product. And the police are their customers.</p>


Sounds a bit similar to the UK police's Automatic Number Plate Reader network, which extends around the UK, except this is historic too. (Then again, the UK's ANPR system probably is too.)
privacy  surveillance 
january 2016 by charlesarthur
Encrypted messaging apps face new scrutiny over possible role in Paris attacks » The New York Times
David Sanger and Nicole Perlroth:
<p>American and French officials say there is still no definitive evidence to back up their presumption that the terrorists who massacred 129 people in Paris used new, difficult-to-crack encryption technologies to organize the plot.

But in interviews, Obama administration officials say the Islamic State has used a range of encryption technologies over the past year and a half, many of which defy cracking by the National Security Agency. Other encryption technologies, the officials hint, are less secure than terrorist and criminal groups may believe, and clearly they want to keep those adversaries guessing which ones the N.S.A. has pierced.

Some of the most powerful technologies are free, easily available encryption apps with names like Signal, Wickr and Telegram, which encode mobile messages from cellphones. Islamic State militants used Telegram two weeks ago to claim responsibility for the crash of the Russian jet in the Sinai Peninsula that killed 224 people, and used it again last week, in Arabic, English and French, to broadcast responsibility for the Paris carnage.</p>


This argument isn't going to go away; it's going to continue between privacy advocates and governments (who are always seeking to surveil and gather). Every incident like that in Paris becomes ammunition, in a near-literal sense.
encryption  surveillance  paris 
november 2015 by charlesarthur
Broadband bills will have to increase to pay for snooper's charter, MPs are warned » Technology | The Guardian
Alex Hern:
<p>For [Matthew] Hare [chief executive of ISP Gigaclear], the other major problem is that separating “metadata” from “content”, as the law mandates for the purposes of mass surveillance, is a very difficult technical challenge.

For a simple connection like a phone call, the difference is easy: information like the number dialled and length of the call is clearly metadata, while the audio transmitted over the line is clearly content. But for a typical internet user, a number of different services are being used at any one time, and they all blur the lines between the two categories.

“The web isn’t a single application, that’s the fundamental problem I’ve got,” Hare said. He outlined a common scenario: “A teenager is currently playing a game using Steam, that’s not a web application … and then they’re broadcasting the game they’re playing using something called Twitch. They may well also be doing a voice call where they’re shouting at their friends, and those are all running simultaneously. At any one time any of those services could drop in, drop out, be replaced.”</p>


MPs discover it isn't just a series of pipes.
internet  surveillance 
november 2015 by charlesarthur
« earlier      
per page:    204080120160

Copy this bookmark:



description:


tags: