Privacy

Researchers at Georgia Tech have come up with a technology for preventing video cameras from working. The setup uses sensors to detect cameras from the reflectivity and shape of CCD sensors (or is it actually detecting the lens?), then directs a beam of light (potentially a laser) at the CCDs to prevent it from recording images. The prospective uses they suggest include prevention of piracy in movie theaters and as a countermeasure against espionage. Their small-area technology is apparently close to ready for commercialization, but the large-area version still has a ways to go. The camera-neutralization technology “may never work against single-lens reflex cameras." Let’s hope it doesn’t become a technology used to prevent the documentation of abuses, governmental or otherwise.

Salon.com has a new article on a room in an AT&T facility in Bridgeton, MO (a St. Louis suburb) that may be an NSA interception facility. The room is protected by a man trap and biometric security, and the AT&T employees who are permitted to enter it had to get Top Secret security clearances. The work orders for setting up a similar room in a San Francisco AT&T office, reported by former AT&T worker Mark Klein, came from Bridgeton. The Electronic Frontier Foundation has an ongoing class-action lawsuit against AT&T over its involvement in illegal NSA wiretapping.

Ben Edelman continues his valuable research with an exposure of Hula Direct’s “banner farms” which are being used to display banner ads through popups, driven by spyware installations: Hula cannot write off its spyware-sourced traffic as a mere anomaly or glitch. I have received Hula popups from multiple spyware programs over many months. Throughout that period, I have never arrived at any Hula site in any way other than from spyware – never as a popup or popunder served on any bona fide web site, in my personal casual web surfing or in my professional examination of web sites and advertising practices. From these facts, I can only conclude that spyware popups are a substantial source of traffic to Hula’s sites.Edelman also notes that most of Hula’s ads include JavaScript code or HTML refresh meta tags to automatically reload the ads fairly quickly. The effect is to display more ads, and to show the ads for a shorter time than the advertisers are expecting. Hula doesn’t have a direct relationship with its advertisers (Edelman notes the relationships of cash and traffic flow), but they are being complacent and allowing it to happen. Some of the advertisers: Vonage, Verizon, Circuit City. Finally, Edelman notes that some of the ad networks being used by Hula have taken notice and started to take action. One ad network, Red McCombs Media, refused to pay a $200,000+ bill from Hula and has been sued by them for breach of contract. ...

The Baltimore Sun has reported on a shelved 1990s NSA program to collect and analyze phone records which had the following features: Used more sophisticated methods of sorting through massive phone and e-mail data to identify suspect communications. Identified U.S. phone numbers and other communications data and encrypted them to ensure caller privacy. * Employed an automated auditing system to monitor how analysts handled the information, in order to prevent misuse and improve efficiency. ...

Details of AT&T’s cooperation with the National Security Agency are beginning to emerge as a result of the Electronic Frontier Foundation’s lawsuit against AT&T, as described by Wired: AT&T provided National Security Agency eavesdroppers with full access to its customers’ phone calls, and shunted its customers’ internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation’s lawsuit against the company. ...

John Markoff has a story in the New York Times about AT&T’s “Daytona” database, which has a record of 1.9 trillion calls from over the last several decades. The Electronic Frontier Foundation, which has filed a lawsuit against AT&T for cooperating with the NSA’s warrantless interception program, asserts that this database has been used by the NSA for data mining. “Checking every phone call ever made is an example of old think,” he said. ...

Bruce Schneier reports on the technical details of how about 100 Greek politicians and offices, including the U.S. Embassy in Athens and the Greek prime minister, were illictly tapped. What was originally referred to as “malicious code” turned out to be eavesdropping code in Vodafone’s mobile phone software that was present for law enforcement interception. The same kind of code is present in U.S. phone switches as required by CALEA. As Schneier points out, “when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes.”

Via Steve’s No Direction Home Page: Apparently presidential wiretapping is frowned upon–when it’s done by Clinton. Some of the reader comments are hilarious, viz.: “Any chance of Bush rolling some of this back?" “As quietly as possible (although it sometimes breaks out into the open, usually with the sound of gunfire and the death of innocents), a “shadow government” has been set up all around us my friend. It’s foundation is not the constitution, but Executive Orders, Presidential Procalamations, Secret Acts, and Emergency Powers." “This is wherein the danger lies in the precedent set by the Clinton criminal administration. God only knows who will be in power next, but there are no checks and balances anymore. This is exactly the SORT of thing I’ve been protesting all along. Libs just don’t see this!" ...

Security and cryptography expert Bruce Schneier gave a talk yesterday to the ACLU Washington’s membership conference at which he argued that massive automated wiretapping generates too many false alarms to be useful, as described in the Seattle Times. As a commenter on Schneier’s blog notes, mathematician John Allen Paulos (author of Innumeracy and A Mathematician Plays the Stock Market, both of which I highly recommend), writing in a New York Times op-ed titled “Panning for Terrorists,” makes the same point. The problem is essentially the same one that makes it pointless to engage in programs of blanket drug-testing of grade school children or mandatory HIV testing in order to obtain a marriage license–the population being tested contains such a small number of people who meet the criteria being tested for, which means that even a highly accurate test returns vastly more false positives than true positives. Paulos points out that a 99-percent-accurate sorting mechanism for detecting terrorist conversations, on a population of 300 million Americans that includes one-in-a-million with terrorist ties (300) will identify 297 of them, along with 3 million innocent Americans. That’s 297 true positives and 3 million false positives, producing a new sample population that is .009% terrorists and 99.99% innocent Americans who may be wrongly investigated.

The ACLU has filed a lawsuit against the NSA asking for an injunction against warrantless interception of communications to international destinations. The plaintiffs include James Bamford (author of The Puzzle Palace, Body of Secrets, and A Pretext for War), Christopher Hitchens, Greenpeace, Larry Diamond of the Hoover Institution, the Council on American-Islamic Relations, the National Association of Criminal Defense Lawyers, and others.