Excellent EFF post on failures of Cryptography regulation

The EFF has an excellent article on eight reasons why government regulation of cryptography is a bad idea. The short answer is: the bad guys can easily get it and use it anyway, and it will make security for the rest of us much worse (not including the big brother surveillance  and constitutional issues).

Debate on recording on-duty police

Thanks to David Brin for linking to this article in reason.com about the debate over arresting people for recording active duty police officers. In general the specific law being broken is about making audio recordings without the concent of all parties.

As a privacy advocate, I find this situation puts me in an uncomfortable situation. On the one hand there is concern about the privacy interests of the police officers. On the other hand, this is one of the only ways of demonstrating police abuse or other bad actions. It also acts to balance the playing field where the police are already routinely recording most interactions through the use of dashboard cameras.

The origin of the term surveilance is the latin from sur- "over" + veiller "to watch,". It implies that surveillance is about being watched by those in power (above).

Sousveillance is a term that has been coined recently to describe participant recording, or recording from "below". That feels like a very different thing that should be fine as long as it is not hidden. Especially in circumstances where there is not a clear expectation of privacy.

I guess my solution to the conundrum would be to state that there should be no expectation of privacy on the part of authorities from recording when they are exercising those authorities. The citizens being interacted with would have a possible privacy expectation with respect to recording third parties however.

I am very interested in feedback and other thoughts on this one.

Facebook Introduces "Places" location services

There has been a lot of excitement in the privacy community around the introduction of a social location service by Facebook. Having blown the dust off my test account, I don't really understand all the fuss.

It appears that this capability only applies to mobile devices right now (although I have blogged in the past about the ability to locate your computer). When using the mobile site, or the FaceBook app, there is a button that allows you to "Check In" at your current location. It appears that this is exclusively an overt act, and that nothing is taking place passively in the background.

The privacy defaults (at least for me) were fairly restrictive. My check-in is only shared with "friends" by default. The only really interesting setting was that it defaults to show your location to others who are checked-in at the same location around the same time, but that was easily changed.

The FAQ talks about and links to the privacy settings in a prominent way. It feels strange to say this, but I don't think they have done a bad thing here. Obviously there are major privacy and security implications to telling people where you are all the time, and it may lead to stalking and/or home robberies, but you really have to ask them to do it to you. Caveat emptor.

Of course, none of this should suggest that I have any intention of ever using the service myself.

I note that most of the other social location players, like Gowalla, Yelp, Booyah and Foursquare were at the announcement. This could certainly impact them in a big way, either for good or ill. That seems like the real story, and my thoughts on that are well out of scope for this blog.

Eric Schmidt against Anonymity

In this interview with Eric Schmidt, CEO of Google, comes out very strongly against anonymity starting at about 5:10 in the video. His argument is that: "If you are trying to commit a terrible evil crime it is not obvious that you should be able to do so with complete anonymity." The problem is that absolute and complete anonymity is easy for criminals. There is a robust economy in stolen account, botnets, stolen credit cards, open networks and other capabilities that enable absolute anonymity for anyone willing to violate the law. It is only anonymity for the law abiding that is difficult, and the reason Anonymizer exists. Arguing against anonymity is, for all practical purposes, only arguing against anonymity for legitimate purposes while it thrives for illegitimate purposes.

I will spare you the lecture on the history of anonymity and anonymous speech dating back to the founders of the United States.

BTW, this was delayed for a while while I struggled with getting embedding working within WordPress. It seems to be working now on FireFox, but not when I view in Safari. Please comment with how I am being stupid if you know what is going wrong.

Security of BlackBerry in question

There has been a lot of media coverage of the threats of Saudi Arabia and the UAE to shut down BlackBerry connectivity in their countries unless RIM (the maker of BlackBerry) introduces a back door so they can monitor communications. I have been following this story closely, but wanted to wait until I had all the facts before blogging about it. At this point I don't think I am going to get the whole story. The statements I am seeing are absolutely contradictory and the whole thing is getting really fishy.

UAE/SA say that they need to be able to access BlackBerry communications, but they can't.

RIM says that their technology makes interception impossible because the communications are encrypted end to end between the BES server (located at the users place of business) and the handset. RIM claims not to have access to the decryption keys.

Third parties claim that RIM has arrangements with other countries (including the US and Russia) which allows such access.

RIM responds that this is false and that they don't have this ability.

It looks like RIM and UAE/SA will come to an agreement while both continue to claim that they have not compromised their positions.

The moral of this story is that you should not trust security you can not fully analyze yourself. Anonymizer Universal uses strongly encrypted L2TP VPN technology to secure your information so even if your telecommunications provider is cooperating with surveillance they still can't read the contents of your messages.

Unfortunately Anonymizer Universal does not support BlackBerry yet, but iPhone, Windows, and Mac users are protected.

Google president opposes anonymity.

In an interesting CNET article Google CEO Schmidt talks about how new technologies are going to impact society. One of his comments really struck me. Schmidt said that the only way to handle the new technologies is "much greater transparency and no anonymity." I have not seen the arguments and evidence behind such a bold claim. I would have argued exactly the opposite. We need MORE anonymity for users and more transparency and accountability from data collectors like Google.

Looks like I was right about Apple building a WiFi location database

In April, Apple Ditched Google And Skyhook In Favor Of Its Own Location Databases:

This article reports on Apple's admission that they are building their own location database to replace Skyhook (which is a WiFi location database).

Many of us are now walking around with devices that monitor our environments and report back to the mother ship about them (even if done anonymously).

BBC News - Details of 100m Facebook users collected and published

BBC News - Details of 100m Facebook users collected and published

Ron Bowes wrote some software which scanned through Facebook to capture any unprotected personal information from the website.

The collected data has been compiled in to a huge file which is available over BitTorrent among other free channels.

While the program did not access any protected information, it has exposed any and all users who have not taken the proper steps to restrict access to their Facebook accounts, either through error or lack of knowledge, awareness or prudence.

The fact that it has been captured and distributed also makes it impossible to ever effectively change or remove any of the collected information. It is out there in the wild and out of anyones hands or ability to corral or correct.

This link will download the big (2.79GB) compressed database for you right now using a BitTorrent client (it may break at some point).

UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent

UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent − ISPreview UK:

Here we go again with an ISP monitoring users without consent and collecting information about their activities.

In this case the ISP claims to be doing so as part of a project to improve some future security and parental control services. They say that they are not capturing any data about which users visit what sites, but obviously the capability is there. The ISP did not announce this to their customers and only admitted it after it had been discovered and exposed.

Whether the ISP later decided to start capturing that information, the government makes them start capturing it, or a hacker get in to trick the system in to capturing, there is a real likelihood that users of the TalkTalk broadband service in the UK will have their activities captured.

Once again, this shows that you can't trust your Internet providers. Their business is not privacy and their interests do not run parallel to your privacy interests. Only tools which encrypt your Internet activity, like Anonymizer Universal, can protect you against this kind of surveillance by your ISP.

White House proposes warrantless access to Internet activity records

Privacy Digest reports on a new White House proposal to extend the powers of FBI "national security letters" to include gathering of "electronic communication transactional records". While this may appear to be a small change, the potential impact is huge.

These records include all the header information from emails: To:, From:, Time, and often Subject:.

It may also include a list of the full URLs that you visit.

While it does not include the contents of the messages, this level of detail is often more than enough to discover social networks, relationships, intentions, plans, political affiliations, and more.

The real problem is that there are no checks and balances on national security letters. They are issued by FBI offices on their own authority without review by a judge. Historically, self restraint in the face of this kind of power has never worked well. While judges approve the vast majority of subpoenas and search warrants in a timely manor, they can reject egregious cases and the mere fact of their review causes law enforcement to be more restrained in their use.

From the Privacy Digest article:

The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records. A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information "not permitted by the [surveillance] statute."

Declaration29 - EU plan to retain data on all Internet searches

The European Parliament appears to be trying to create a regulation to require search engine companies to retain total information about their user's searches for a period of years. If you are in the EU area, I strongly encourage you to reach out to fight this.

Declaration29: "A group of members of European Parliament is collecting signatures for a Written Declaration that reads: 'The European Parliament [...] Asks the Council and the Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively'.

The Data Retention Directive 2006/24/EC requires that details on every telephone call, text message, e-mail and Internet connection be recorded for months, for the entire population, in the absence of any suspicion. As to what is wrong with data retention please refer to DRletter. The Written Declaration even wants to extend data retention to search engines, meaning that your search terms could be tracked for months back.

The proposed declaration has been signed by 371 MEPs (list of names here) - and thus reached the 368 members needed to pass it. Many MEPs signed because of the title of the document ('setting up a European early warning system (EWS) for paedophiles and sex offenders'), not knowing that they are endorsing blanket data retention as well. More than 30 MEPs decided to withdraw their signature, one even on the day of adoption."

 

Collection of location info on iPhones and others

Many sites, including the Los Angeles Times are reporting on a change to Apple's privacy policy that allows collection and sharing of "anonymous" location information. The only way to prevent this seems to be completely disabling location services on the iPhone.

It appears that Google's privacy policy allows a similar level of information collection.

Much of the chatter I have seen about this issue talks about targeted advertising and user tracking. While I have no doubt that both companies are very interested in doing that I don't think this particular disclosure is about that. Message targeting is more likely to happen within applications where the user has granted explicit permission to push location based advertising and alerts.

I think this is all about improving Enhanced GPS services. My guess (and it is just a guess at this point) is that the phones are reporting back GPS location, Cell tower IDs and signal strength, and all visible WiFi base stations and signal strengths. Given enough of these sets of measurements, they can provide extremely accurate location information given only WiFi information (which takes much less power than GPS and also works indoors). It has been well established that multiple companies, including Google, are building such databases from trucks driving around the world (see my last post).

One purely anecdotal data point I have is from my WiFi only iPad. For background, I live on a fairly large lot and the only WiFi I can detect is my own. One of the first things I did with the new iPad was to open up the map application. It almost instantly centered the location reticule on my house. The only available location information was from the WiFi. I know that the Street View truck has never been through my neighborhood, and doubt that any others have been. My suspicion is that phones used within my house have been providing the correlating data between my physical location and my personal WiFi base station hardware ID.

Google "Street View" vans intercepted sensitive data

Cnet (among others) reports on Google's interception of personal information from open WiFi nodes, including passwords and e-mail.

Clearly it was poor practice for Google to be capturing and recording such information as they drove around, but the real news should be that the information was there to be captured. The intent of the monitoring of WiFi seems to be collecting the locations of WiFi base stations to improve enhanced GPS location services. This works by having your device upload a list of all the WiFi base stations it can see (along with signal strength) which the service then looks up in a database to determine your location. This requires the service to have a database of the physical location of an enormous number of WiFi base stations.

To do this, all Google would have needed to capture was the hardware address of each device. Instead they captured some of the actual data being sent back and forth as well.

It turns out that this is incredibly easy. With many of the WiFi chipsets built in to personal computers, laptops and USB adapters, one can easily download free software that will start intercepting open WiFi traffic with a single click.

The shocking news should not be that Google accidentally got this information but that anyone with bad intent could do it to you. Anonymizer will soon be releasing a video we did a few weeks back showing how someone could take control of your Facebook account using an open WiFi and almost no technical expertise at all.

If the connection between you and a website, email server, or other service is un-encrypted, then anyone near you can intercept it if you are using an open WiFi.

To be clear, open WiFi means that the underlying connection is un-encrypted. Many public WiFi sites have a login page. This is to manage usage, and provides no security to you at all.

If you get a connection before you type in a password, especially if you see a web page before you type a password, then you should assume you are on an insecure connection and therefor vulnerable.