Mass Surveillance

From WikiCorporates
Jump to navigation Jump to search

Biometric IDs

  • Oct.29.2018: ePassport gates to ease travel for passengers from more countries. Millions more people will be able to use ePassport gates as they arrive in the UK, under plans announced in the Budget on Oct.29.2018. From summer 2019, eligible travellers from Australia, Canada, Japan, New Zealand and the United States will be able to use the ePassport gates at 14 ports, both in the UK and at Eurostar terminals at Brussels and Paris. ePassport gates use facial recognition technology to compare the passenger’s face to the digital image recorded in their passport. The system is monitored by Border Force officers and anyone rejected by the gates will be sent to an alternative channel to have their passport checked. The move is the next step in the govt’s continuing programme of work to roll out digital technology at the border Border Force, UK Visas and Immigration, Gov.uk.

Digital IDs

  • Jun.09.2018: Ben Wallace: we don’t set out to kill terrorists. This week the govt published its new counter-terrorism strategy. Although civil liberties campaigners criticised the plans to hand details about suspected extremists to local officials, Ben Wallace insists the measures are a proportionate response to a real and present danger. “This is not Big Brother asking everyone to report everything,” he says. “You could guarantee security by locking everyone who is a potential threat up. Or you could guarantee total human rights and anyone being able to inspire hate whenever they want. It’s about getting the balance right.” The internet has, he says, made it much harder for the authorities to keep up with the extremists who are radicalising people. In the old days, a terrorist would have had to share information on how to make a bomb on a piece of paper, now they can look up instructions online. The govt must do more, but so should technology companies, he insists. Although online child abuse is regularly reported to the authorities, the big internet companies are less proactive in handing over extremist material to the police. “They have a mindset of resist. When I say, ‘How much do you report to the authorities?’ they don’t see it as their place.” There is, in his view, a choice to be made about the online world. “You can have the wild west or a civilised society. When I see what paedophiles do to target children, when I see the amount of online fraud and the hate on social media, you think, how much we are going to accept all this?” Mr Wallace wants a digital verification system, to end the online anonymity. Companies such as WhatsApp should also repay society for the negative impact of their technology. So was it irresponsible for Gavin Williamson defence secretary to suggest that “a dead terrorist can’t cause any harm to Britain?” The govt intends to do more to clamp down on “dirty money”, including the wealth of oligarchs, he says. The next step is to go after the “facilitators” — accountants, lawyers and estate agents who enable those who live in luxury on the proceeds of crime. small bio in here. Alice Thomson, Rachel Sylvester, The Times. See also Digital IDs to end online mob rule and anonymity
  • Jun.04.2018: 'Tesco probably knows more about me than GCHQ': Infosec boffins on surveillance capitalism. Privacy of medical data and the machinations of surveillance capitalism were under the spotlight at a Cambridge University symposium last week. Much of the day-long event, marking the 20th anniversary of think tank the Foundation for Information Policy Research (FIPR), was spent debating state-backed surveillance in its many forms from bulk data interception to equipment interference. But the discussions also touched upon how privacy was affected by large internet giants. The systematic data collection by intel agencies has been facilitated by the business models of companies like Facebook and Google. The internet habits of hundreds of millions are collected by these firms in the interests of targeting ads and this data also provides a high source of intelligence for governments as well as presenting a privacy risk in its own right. There was little appetite among speakers, who took a generally libertarian view, for tighter regulation against the likes of Facebook, much less dismemberment of the privacy-chaffing social network. Wendy Grossman pointed out that data downloads from Facebook only include information that people have given directly. But Ian Levy, technical director of the National Cyber Security Centre, the defensive arm of GCHQ, argued that there have been hundreds of SMB vulnerabilities and hacks over the years, and the Eternal Blue exploit abused by WannaCry was just another. FIPR launched in May 1998 ahead of the UK's Regulation of Investigatory Powers Act (2000). Its work helped the curb some of the most privacy-threatening aspects of the surveillance legislation. FIPR head Ross Anderson said it isn't a campaigning organisation as such but a think tank that provides the ammunition for others to use. As well as organising conferences on surveillance, FIPR has researched myriad issues involving privacy, digital rights and cybercrime, and acted as midwife to UK health data privacy advocate medConfidential. No2ID John Leyden, The Register.

The Cloud Act 2018

  • Apr.01.2018: Facebook is not only threat to our privacy. On Mar.23, the US Congress passed the Cloud Act — short for the Clarifying Lawful Overseas Use of Data Act. The legislation granted sweeping new powers to law enforcement and governments around the world, including Britain, to harvest and use for prosecution the private online information of their citizens. For the first time, police in Britain and elsewhere will be able to obtain real-time online data stored in America by Facebook, Google, Slack and other internet giants — something that previously would have been a criminal offence. The Cloud Act, which has been heavily criticised by privacy campaigners, raises fundamental questions over how the data trail we leave behind on the internet is handled. It allows the US justice department, for the first time, to strike one-to-one deals with foreign governments to allow instant access to private citizens’ data stored on overseas servers. Access can be given to every level of law enforcement, from local police to national govts, without notice to those being monitored. The UK government was a key partner in creating the system, which privacy campaigners at the Electronic Frontier Foundation (EFF) have labelled a “dangerous expansion of police snooping on cross-border data”. The framework replaces so-called mutual legal assistance treaties — tightly focused agreements between two countries that must be approved by a two-thirds majority in the Senate. More than 20 human rights organisations, including Human Rights Watch and Amnesty International, opposed the Cloud Act. The first such agreement has been drafted with Britain, though the final version has not yet been publicised or signed. This is significant because in 2016 parliament passed the Investigatory Powers Act — the “Snoopers’ Charter” — which gave the govt new and far-reaching access to personal data. “Britain is the first mover,” Nojeim said. “After the agreement is in place, British authorities will be able to access email and other communications content of virtually any British citizen in the world. Never before have they had any ability to get real-time intercepts from Facebook, Google, Yahoo, Microsoft, etc. This is enormous,” said Nojeim. There are safeguards, though critics claim they are weak. Apple, Google, Facebook and Microsoft, along with Yahoo-owner Oath, signed a letter in February in support of the law, claiming it would create a “concrete path” for govts to enter “modern bilateral agreements with nations that better protect customers”. Europe’s new data privacy regime will do nothing to curtail snooping powers. The General Data Protection Regulation, restricting how industry can use consumers’ data, comes into effect on May 25. Yet it has a carve-out for exactly the type of bilateral deals between govts envisaged by the Cloud Act. Danny Fortson, The Times.

Facial Recognition

  • Aug.20.2020: UK Says South Wales Police's Facial Recognition Program Is Unlawful. The South Wales Police has been deploying a pretty awful facial recognition program for a few years now. Back in 2018, documents obtained by Wired showed its test deployment at multiple events attended by thousands was mostly a mistake. The system did ring up 173 hits, but it also delivered nearly 2,300 false positives. In other words, it was wrong about 92% of the time. Fortunately, Bridges has prevailed at the next level. The Court of Appeal has ruled in favor of Bridges and against the SWP's mini-panopticon. Tim Cushing, Techdirt.
  • Dec.15.2018: Face it, you’ll never escape Big Brother. From pop concerts in LA to Chinese state surveillance, facial recognition is a growing threat to privacy. Some 90,000 people crammed into the Rose Bowl in Los Angeles in May to watch Taylor Swift perform. What they did not know, however, was that Taylor Swift was also watching them. A kiosk at the venue, where fans could stop to view videos of the singer, was using face recognition technology to send images to a “command post” in Nashville, where these were cross-referenced with a database of people identified as potential stalkers. Facial recognition technology is spreading virtually without regulation. Britain has some of the highest density of surveillance in the world, with 5.9 million CCTV cameras, 500,000 in London alone. Unlike fingerprints, faces can be recorded and stored without the knowledge of the target, enabling remote surveillance. The technology is widely deployed by law-enforcement agencies. Police in London, south Wales, and Leicestershire have begun using the technology, with limited success, to scan crowds for “subjects of interest”. A system that can identify and track citizens, monitoring where they go, what they do and who they meet poses a fundamental threat to individual privacy. Nowhere is this truer than in China, where state control and rapid advances in recognition technology are creating an Orwellian world of permanent surveillance. China recently launched its “Sharp Eyes” monitoring system, an all-embracing surveillance network correlating security cameras in public and private spaces with the national database of faces. By 2020, Beijing predicts the system will be “omnipresent, fully networked, always working and fully controllable”. China is simultaneously developing gait recognition technology. Even if citizens manage to hide their faces with false beards, hats or so-called “privacy visor glasses” that make the face unrecognisable to technology, they can still be identified by their walk. Ben Macintyre, The Times.
  • Jun.01.2018: Ding-dong over Google doorbell that recognises faces. Google is bringing doorbells equipped with facial-recognition cameras to Britain’s suburbs, raising concerns about invasion of privacy. As with other internet-connected bells, the £230 system detects visitors as they approach the house and streams footage to the owner’s phone. ...has alarmed privacy campaigners. Jim Killock, of the Open Rights Group. The doorbell will go on sale next month. Google indicated that purchasers would be responsible for ensuring that they used the devices lawfully. Mark Bridge, The Times.
  • May.25.2018: Can facial recognition fit with a fair society? Computers are getting ever better at recognising different faces - but on this week's Tech Tent we ask whether facial recognition technology is just too big a threat to privacy. This week American Civil Liberties Union, the rights group, urged Amazon to stop providing its [Amazon#Rekognition Rory Cellan-Jones, BBC News.
  • May.15.2018: Police facial recognition trials failing. Elizabeth Denham, the Information Commissioner, warned last night of a loss of public trust in police facial recognition technology as figures from the biggest force showed that 98 per cent of “matches” found by the software were wrong. She is investigating the proportionality of forces holding 19m images on the police national computer of people photographed when taken into custody. The images include those never charged with an offence. Big Brother Watch called for use of facial recognition software by the police to be abandoned. Figures revealed to the privacy campaigners in response to FoI requests showed that, for the Metropolitan Police, 98% of “matches” were wrong, and for South Wales Police the figure was 91%. Richard Ford, The Times.
  • Jan.26.2018: Three Fascinating Search Engines That Search For Faces. Wherever you go, your face exposes you. Facial recognition in combination with surveillance cameras is a powerful tool that can track your every step. 1. Google Images Search — Reverse Face Search. 2. PicTriev — Face Recognition. 3. PimEyes — Face Search. (some good links in here to follow up on). Tina Sieber, MakeUseOf.

Mass Data Interception

Authorities authorised to access Internet records

Authorities allowed to access Internet connection records without a warrant under the Snooper's Charter 2016Wikipedia-W.svg.ref

  • Dec.08.2018: GCHQ boosts powers to launch mass data hacking. GCHQ is to significantly increase their use of large-scale data hacking after claiming that more targeted operations are being rendered obsolete by technology. The move, which has alarmed civil liberty groups, will see an expansion in what is known as the “bulk equipment interference (EI) regime” – the process by which GCHQ can target entire communication networks overseas in a bid to identify individuals who pose a threat to national security. A letter from the security minister, Ben Wallace, to the head of the intelligence and security committee, Dominic Grieve, quietly filed in the House of Commons library last week, states: “Following a review of current operational and technical realities, GCHQ have … determined that it will be necessary to conduct a higher proportion of ongoing overseas focused operational activity using the bulk EI regime than was originally envisaged.” “The bulk equipment interference power permits the UK intelligence services to hack at scale by allowing a single warrant to cover entire classes of property, persons or conduct,” explained Scarlet Kim, legal officer at Privacy International, which has taken the government to court over GCHQ’s hacking activities abroad. “It also gives nearly unfettered powers to the intelligence services to decide who and when to hack.” Hacking is not just directed at computers and phones, but can target communications networks and their underlying infrastructure, permitting surveillance against whole groups or countries, or across numerous jurisdictions.” The Guardian.
  • Sept.14.2018: Government’s mass surveillance of emails was illegal. The European Court of Human Rights has ruled the UK’s mass interception programmes allowing untargeted surveillance of people’s emails and internet use breaches individuals’ rights to privacy. The court found that Britain’s bulk interception regimes, as revealed by Edward Snowden, were untargeted and lacked oversight and that safeguards were not “sufficiently robust to provide adequate guarantees against abuse”. The case was started in 2013 by the campaign groups Big Brother Watch, English PEN, Open Rights Group and computer science expert Dr Constanze Kurz following Mr Snowden’s revelation of GCHQ mass spying. The govt passed the Investigatory Powers Act (IPA) in Nov.2016, replacing the contested RIPA powers and putting mass surveillance powers on a statutory footing. The mass spying programmes included Tempora, a bulk data store of all internet traffic; Karma Police, a catalogue including “a web browsing profile for every visible user on the internet”; and Black Hole, a repository of more than one trillion events including internet histories, email and instant messenger records, search engine queries and social media activity. “Under the guise of counterterrorism the UK has adopted the most authoritarian surveillance regime of any western state, corroding democracy itself and the rights of the British public." Frances Gibb, The Times.

The Snowden disclosures revealed:

  1. The UK bulk interception (collection) of internet traffic transiting undersea fibre optic cables landing in the UK, and
  2. UK access to the information gathered by the US through its various bulk surveillance programs.

Privacy International and 9 other NGOs brought a legal complaint to the Investigatory Powers Tribunal (IPT) in Jul.2013. In Dec.2014, the IPT held that both UK bulk interception and UK access to US bulk surveillance were lawful in principle. In Feb.2015, the IPT determined that the UK access to US bulk surveillance was unlawful prior to the IPT's Dec.2014 judgment because the legal framework governing such access was secret. In Jun.2015, the IPT found that the govt had conducted unlawful surveillance on two NGO claimants – Amnesty International and the Legal Resources Centre. The NGOs appealed to the European Court of Human Rights, who found that our rights have indeed been breached. Bad enough our own govt spying on us - but they share this data with others - the Five Eyes countries; and we have no say or control over what happens to it.
The I've got nothing to hide argument: It is one of the most important principles in a democracy that if a govt wants to spy on you, it needs a legitimate reason for doing so. The starting premise must and should be that the govt needs to justify an intrusion into your rights, not that they automatically have the power to spy on everyone "just in case". For example, if a govt is monitoring everyone's communications, it makes people think twice about expressing themselves. link

  • Nov.17.2014: The FBI Doesn’t Need More Access: We’re Already in the Golden Age of Surveillance. Govt agencies have unprecedented access to our location information now that we all carry cellphones. In addition, there are myriad new databases that create digital dossiers about our lives. Even if police have difficulty getting into a smartphone, the relevant evidence very often is available from the cloud provider. If govt agencies were offered the choice of current capabilities or pre-Internet capabilities, they would overwhelmingly prefer their surveillance abilities today. The availability of such powerful tools for collecting information means that there is no emergency to justify the built-in surveillance back doors (or front doors) that govts are pushing for. If there are backdoors or limits on effective encryption, then the security of global communications is only as strong as the security in the "least trusted country", thanks to the interconnected nature of our global communications system. Other countries will demand the same backdoors available to the U.S. government, with consequent risks to human rights. At the end of the day, building surveillance back doors into our technology will threaten our security, not enhance it. Peter Swire, Huang Professor of Law and Ethics, Just Security.

Identity Cards

  • Aug.02.2018: ID cards could give us greater freedom. The future of our borders policy after Brexit will force us to look at introducing national identity cards. Had ID cards been universal, the position of the Windrush generation would have been safeguarded. If we can accept that ID cards do not constitute an assault on civil liberties, we can also be open to the other ways they could make life so much easier. As Labour and Conservative MPs, we have long held the view that Britain needs its own ID card scheme. We will be taking this proposal further by tabling a motion for debate in the House of Commons. Frank Field, Nicholas Soames, The Times. Comment: A national ID card scheme would require a national database holding the details of all people with a right to be in the UK. There is no doubt that such a database would be an ideal basis on which a malign govt could build an oppressive state with dire consequences for us all. The risk of this happening may seem small, but it would be complacent and naive to ignore it given the magnitude of the cost to us all if it should ever happen. In my view, the best defence against such a risk is not to allow such a database to be built in the first place.

Licence Plate Tracking

  • Jan.26.2018: ICE is about to start tracking license plates across the US. The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians. Russell Brandom, The Verge.

Encryption Backdoors

  • Dec.05.2017: Surveillance States: Germany Wants Tech Companies to Be Legally Required to Offer Backdoor Access. Following demands by the United States and the British government, Germany too now wants to have backdoor access to tech products. Officials are going to submit a proposed law for debate this week that could potentially force tech and auto companies to provide intelligence agencies with access to their products and services. Investigators are unable to have warrantless searches since smart devices alert their owners before officers could get access to their devices. Thomas de Maizière, Germany’s Interior Minister, wants to force companies to not send out these alerts or enable agencies to intercept these warnings and stop them from reaching suspects. Germany also wants to get official powers that would enable authorities to hack or have access to remote computers. However, this kind of “legal access” could also be used to intercept any and all traffic effectively turning Germany into a surveillance state that will have snooping powers equal to the NSA in the US and the GCHQ in the UK – and all of that legally. Intelligence agencies and governments have continued to miss the point that having a backdoor weakens user security and actually helps criminals who could potentially use those same backdoors to bypass authorities or expand their crime-kits. “We need to think really hard about the fact that we are a country with two dictatorships in its recent history,” Konstantin von Notz said. “Do we want to live in a land where there is no privacy and where the state can interfere wherever it is technologically possible?” Rafia Shaikh, WCCF Tech.
  • Jan.25.2018: Senator Ron Wyden Demands FBI Director Christopher Wray Explain His Encryption Backdoor Bullshit. One US senator is calling out the director of the Federal Bureau of Investigation for pushing the moronic notion that there is somehow a good way to add backdoors to encryption used to protect devices like Apple’s iPhone. The argument, made by Wray and other officials before him, is that the tech industry’s best and brightest are just being recalcitrant and could offer up a golden key for law enforcement to access encrypted communications if they really wanted to. After all, these are the people that created self-driving cars, the thinking goes. Why can’t they break encryption in a good way while they’re at it? Wyden: "Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely." Kate Conger, Gizmodo.
  • Jan.25.2018: Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors. Speaking at the World Economic Forum (WEF) in Davos, Switzerland, Theresa May has reiterated calls for a special magic version of encryption to be developed by technologists so law enforcement can access everyone's communications on demand – and somehow engineer it so that no one else can abuse this backdoor. Kieren McCarthy, The Register.

CCTV Articles

  • Jan.09.2018: While Theresa May’s reshuffle collapsed, another scandal hit the government. While Theresa May ‘reshuffled‘ her cabinet her govt faced repeated criticism from top adviser Tony Porter. It was over policy protecting every person in the UK: CCTV laws. Porter, the man in charge, branded current legislation as “woefully inadequate”, “not acceptable”, and “nonsense”. There are holes in how CCTV is monitored and regulated. He believes ANPR is misreading up to 1.2m number plates a day. He is "Concerned at the incrementally intrusive development of surveillance cameras in the everyday lives of citizens." Steve Topple, The Canary.

USA

  • A new report by @hrw details the DEA getting tips from mass surveillance systems (including the NSA) as part of "parallel construction". Those tips are secretly given to local cops and hidden from judges & defendants. @LucyParsonsLabs
  • 2018.01.09: Secret Origins of Evidence in US Criminal Cases. In the United States today, a growing body of evidence suggests that the federal govt is deliberately concealing methods used by intelligence or law enforcement agencies to identify or investigate suspects — including methods that may be illegal. It does so by creating a different story about how agents discovered the information, and as a result, people may be imprisoned without ever knowing enough to challenge the potentially rights-violating origins of the cases against them. Through a practice known as “parallel construction,” an official who wishes to keep an investigative activity hidden from courts and defendants—and ultimately from the public — can simply go through the motions of re-discovering evidence in some other way. Of particular concern is the potential use of parallel construction to hide intelligence surveillance programs. Dark Side
  • 2014.02.03: DEA teaches agents to recreate evidence chains to hide methods. Trainers justify parallel construction on national security and PR grounds: "Americans don’t like it". MuckRock Shawn Musgrave

Associated Groups