House panel votes to mandate massive user tracking

House panel approves broadened ISP snooping bill | Privacy Inc. - CNET News

Declan McCullagh of CNET is reporting on a bill to require ISPs to maintain massive records on their users. According to the article this bill requires commercial Internet providers to retain "customers' names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses".

They are calling it the "Protecting Children From Internet Pornographers Act of 2011" in a flagrent attempt to make it politically difficult to vote against it even though the bill has noting directly to do with Internet pornography or protecting children.

Were this bill to become law, it might cause real problems for the growth of public Wi-Fi where there is no user authentication. That would be a huge leap backwards for a very possitive trend of late.

Of course, criminals will continue to be trivially able to circumvent such tracking efforts making this primarily a mechanism for gathering information on innocent persons without any hint of suspicion or probably cause.

It is absolutely un-American to require every citizen to submit to continuous tracking and monitoring on the possibility that some tiny fraction of us will commit a crime. Law enforcement always lobbies hard for such provisions. Make sure your voice is heard that you value your privacy and your rights.

Contact your Representitive and Senators if this is something you feel strongly about.

Matt Blaze: Wiretapping and Cryptography Today

Matt Blaze analyzes why the widespread use of cryptography has had almsost no impact on our practical ability to do wiretaps and gather information under legitimate court orders. Not too technical and absolutely worth a read.

Matt Blaze: Wiretapping and Cryptography Today:

The difficulty of identifying attackers on the Internet and why it is impossible to fix.

This article in Scientific American does a nice job of describing why it is difficult to track attacks back to their true origins. This essay by Bruce Schneier goes farther arguing that it is fundamentally impossible to create an Internet without anonymity.

The core point of both articles is that identifying the computer that a given packet came from is not the same as identifying the sender. The computer could be a server set up to enable anonymous communications (like, it could be a compromised computer (like part of a botnet), or even a server run by the attacker purchased using pre-paid or stolen credit cards.

Whatever the mechanism, it will always be possible for attackers to hide their identities and activities. The real question is the degree to which we are willing to design the Internet to make tracking and monitoring of citizens easy for repressive regimes.

Using Language Patterns to Pierce Anonymity

Thanks to Bruce Schneier for linking to this interesting article on using patterns in language to identify the author of emails. While the technique would not allow them to identify your anonymous emails in an ocean of others, that is rarely the real world threat scenario.

In many cases there is a relative hand full of likely authors of a given email or group of emails. It is often possible to gather large samples of emails known and acknowledged to be from the likely authors. In that case this technique has a small group of targets and excellent training materials which allow for very high levels of accuracy (the authors of the paper claim 80% - 90%). That is probably enough to get a warrant to search your home and computers.

Unless you have been unusually careful, the gig is probably up by then. Remember, this might not be for criminal matters. It many cases this would come up in whistle blowing or other non-criminal situations.

Amazing power and danger of data retention

This Blog has an interesting article and link to the website of a german newspaper article (translated here).

The story is about a german politician Malte Spitz who sued to obtain the retained cell tower records for his own phone, then provided them to the newspaper. The newspaper has created a nice map and timeline tool to allow you to play Spitz's movements over 6 months. The resolution is impressive and should be a real wake up call about the level of detailed information being gathered on us all.

Of course, if the phone company was capturing GPS or WiFi based location information the data would be much more accurate. While GPS would quickly drain the battery, many modern phones have WiFi enabled all the time, so that information would be readily available without any additional impact on the phone's performance.

Excellent EFF post on failures of Cryptography regulation

The EFF has an excellent article on eight reasons why government regulation of cryptography is a bad idea. The short answer is: the bad guys can easily get it and use it anyway, and it will make security for the rest of us much worse (not including the big brother surveillance  and constitutional issues).

RIM averts BlackBerry ban in UAE | Security - CNET News

RIM averts BlackBerry ban in UAE | Security - CNET News The announcement provides very little information about what RIM did to avert the ban, whether they made significant changed (compromises) to their system, or whether the UAE blinked and backed down from the threatened ban.

India continues move towards surveillance state

India to Monitor Google and Skype - As an extension of their policy of pushing for access to encrypted communications on RIM BlackBerry devices, they are now demanding access to data from both Google and Skype. India is demanding that Skype and Google install servers within India so the government can access the information on Indian users.

Obviously bad guys can trivially bypass this through the use of VPNs and by taking care to use servers located outside of India. The real impact will be to open all legitimate Internet users to universal surveillance.

Debate on recording on-duty police

Thanks to David Brin for linking to this article in about the debate over arresting people for recording active duty police officers. In general the specific law being broken is about making audio recordings without the concent of all parties.

As a privacy advocate, I find this situation puts me in an uncomfortable situation. On the one hand there is concern about the privacy interests of the police officers. On the other hand, this is one of the only ways of demonstrating police abuse or other bad actions. It also acts to balance the playing field where the police are already routinely recording most interactions through the use of dashboard cameras.

The origin of the term surveilance is the latin from sur- "over" + veiller "to watch,". It implies that surveillance is about being watched by those in power (above).

Sousveillance is a term that has been coined recently to describe participant recording, or recording from "below". That feels like a very different thing that should be fine as long as it is not hidden. Especially in circumstances where there is not a clear expectation of privacy.

I guess my solution to the conundrum would be to state that there should be no expectation of privacy on the part of authorities from recording when they are exercising those authorities. The citizens being interacted with would have a possible privacy expectation with respect to recording third parties however.

I am very interested in feedback and other thoughts on this one.

Breach in the trust of the global public key infrastructure

In a recent post on Privacy Digest, and an article in the NYTimes, there is a discussion of some major and well known vulnerabilities in the global public key infrastructure (PKI) and some examples of exploitations of that vulnerability.

The issue is with the proliferation of certificate authorities on the Internet, and the low level of oversight on their policies.

Using the web as an example, here is how it works. Embedded in every browser is a list of "certificate authorities". These are companies that are deemed trustworthy to issue and sign website certificates. Website certificates are what allows websites to be authenticated by your browser and enables SSL based secure connections (e.g. to your bank).

These certificate authorities may also be able to delegate their certificate signing authorities to other secondary certificate authority organizations. The list of primary certificate authorities in your browser is long (I count 43 in my copy of Firefox), and who knows how many secondary certificate authorities may be out there. These certificate authorities exist all over the world, and any of them can issue a certificate that your browser will accept as valid.

A malevolent certificate authority could issue certificates to allow them to impersonate any secure website.

The articles talk specifically about a secondary certificate authority called Etisalat, located in the UAE. They created a certificate which allowed them to sign code which would be accepted as valid and authorized by BlackBerry cell phones. They then created and distributed software to about 100,000 users which enabled government surveillance of the devices. RIM, the maker of BlackBerry, was able to detect and patch this introduced back door.

Etisalat could create certificates to allow the UAE to intercept and read all secure web traffic traveling over networks within that country.

It is likely that there are many other certificate authorities that are similarly willing to compromise the security of the PKI for various ends. To date, no action has been taken against Etisalat. The EFF is calling for Verizon to revoke Etisalat's ability to issue certificates (Verizon is the primary authority that delegated to Etisalat as the secondary).

Security of BlackBerry in question

There has been a lot of media coverage of the threats of Saudi Arabia and the UAE to shut down BlackBerry connectivity in their countries unless RIM (the maker of BlackBerry) introduces a back door so they can monitor communications. I have been following this story closely, but wanted to wait until I had all the facts before blogging about it. At this point I don't think I am going to get the whole story. The statements I am seeing are absolutely contradictory and the whole thing is getting really fishy.

UAE/SA say that they need to be able to access BlackBerry communications, but they can't.

RIM says that their technology makes interception impossible because the communications are encrypted end to end between the BES server (located at the users place of business) and the handset. RIM claims not to have access to the decryption keys.

Third parties claim that RIM has arrangements with other countries (including the US and Russia) which allows such access.

RIM responds that this is false and that they don't have this ability.

It looks like RIM and UAE/SA will come to an agreement while both continue to claim that they have not compromised their positions.

The moral of this story is that you should not trust security you can not fully analyze yourself. Anonymizer Universal uses strongly encrypted L2TP VPN technology to secure your information so even if your telecommunications provider is cooperating with surveillance they still can't read the contents of your messages.

Unfortunately Anonymizer Universal does not support BlackBerry yet, but iPhone, Windows, and Mac users are protected.

Google president opposes anonymity.

In an interesting CNET article Google CEO Schmidt talks about how new technologies are going to impact society. One of his comments really struck me. Schmidt said that the only way to handle the new technologies is "much greater transparency and no anonymity." I have not seen the arguments and evidence behind such a bold claim. I would have argued exactly the opposite. We need MORE anonymity for users and more transparency and accountability from data collectors like Google.

Looks like I was right about Apple building a WiFi location database

In April, Apple Ditched Google And Skyhook In Favor Of Its Own Location Databases:

This article reports on Apple's admission that they are building their own location database to replace Skyhook (which is a WiFi location database).

Many of us are now walking around with devices that monitor our environments and report back to the mother ship about them (even if done anonymously).

UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent

UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent − ISPreview UK:

Here we go again with an ISP monitoring users without consent and collecting information about their activities.

In this case the ISP claims to be doing so as part of a project to improve some future security and parental control services. They say that they are not capturing any data about which users visit what sites, but obviously the capability is there. The ISP did not announce this to their customers and only admitted it after it had been discovered and exposed.

Whether the ISP later decided to start capturing that information, the government makes them start capturing it, or a hacker get in to trick the system in to capturing, there is a real likelihood that users of the TalkTalk broadband service in the UK will have their activities captured.

Once again, this shows that you can't trust your Internet providers. Their business is not privacy and their interests do not run parallel to your privacy interests. Only tools which encrypt your Internet activity, like Anonymizer Universal, can protect you against this kind of surveillance by your ISP.

White House proposes warrantless access to Internet activity records

Privacy Digest reports on a new White House proposal to extend the powers of FBI "national security letters" to include gathering of "electronic communication transactional records". While this may appear to be a small change, the potential impact is huge.

These records include all the header information from emails: To:, From:, Time, and often Subject:.

It may also include a list of the full URLs that you visit.

While it does not include the contents of the messages, this level of detail is often more than enough to discover social networks, relationships, intentions, plans, political affiliations, and more.

The real problem is that there are no checks and balances on national security letters. They are issued by FBI offices on their own authority without review by a judge. Historically, self restraint in the face of this kind of power has never worked well. While judges approve the vast majority of subpoenas and search warrants in a timely manor, they can reject egregious cases and the mere fact of their review causes law enforcement to be more restrained in their use.

From the Privacy Digest article:

The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records. A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information "not permitted by the [surveillance] statute."

Declaration29 - EU plan to retain data on all Internet searches

The European Parliament appears to be trying to create a regulation to require search engine companies to retain total information about their user's searches for a period of years. If you are in the EU area, I strongly encourage you to reach out to fight this.

Declaration29: "A group of members of European Parliament is collecting signatures for a Written Declaration that reads: 'The European Parliament [...] Asks the Council and the Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively'.

The Data Retention Directive 2006/24/EC requires that details on every telephone call, text message, e-mail and Internet connection be recorded for months, for the entire population, in the absence of any suspicion. As to what is wrong with data retention please refer to DRletter. The Written Declaration even wants to extend data retention to search engines, meaning that your search terms could be tracked for months back.

The proposed declaration has been signed by 371 MEPs (list of names here) - and thus reached the 368 members needed to pass it. Many MEPs signed because of the title of the document ('setting up a European early warning system (EWS) for paedophiles and sex offenders'), not knowing that they are endorsing blanket data retention as well. More than 30 MEPs decided to withdraw their signature, one even on the day of adoption."


ISPs will attach your ZIP to all web requests

This Article on is about an initiative by Juniper Networks in collaboration with Feeva to sell a new tracking technology to ISPs.

The enhanced router would be sold to ISPs and will automatically insert your ZIP+4 into HTML headers. This will allow marketers to have much more accurate information about the user's physical location.

They claim that the "consumer is not in any way stripped of their privacy" but fail to actually explain how that is the case. The point is for ISPs to get a piece of the advertising pie. The ZIP will be encoded, not sent in the clear, but will be available to some undefined set of "trusted third parties". That does not give me much comfort.

I have seen many examples of websites which charge different prices based on where you live, or otherwise restrict access to web pages. This kind of targeting does not help me at all. If I want to be located, I have many ways of explicitly telling the site where I am.

This is another example of why you can't trust your ISP. Their interests are not the same as yours. They have a strong incentive to track and monetize your activity.

Fortunately it is easy to take back control. If your traffic is encrypted within a VPN, then the ISP will be unable to insert this information. It gives you the absolute ability to enforce your own "opt out" even if the ISP does not want to give you the option. Anonymizer Universal(TM) provides an easy tool to accomplish this.