Resources

United States’ Department of Homeland Security Will Soon Have Biometric Data On Nearly 260 Million People

The U.S. Department of Homeland Security (DHS) expects to have face, fingerprint, and iris scans of at least 259 million people in its biometrics database by 2022, according to a recent presentation from the agency’s Office of Procurement Operations reviewed by Quartz. That’s about 40 million more than the agency’s 2017 projections, which estimated 220 million unique identities by 2022, according to previous figures cited by the Electronic Frontier Foundation (EFF), a San Francisco-based privacy rights nonprofit.

A slide deck, shared with attendees at an Oct. 30 DHS industry day, includes a breakdown of what its systems currently contain, as well as an estimate of what the next few years will bring. The agency is transitioning from a legacy system called IDENT to a cloud-based system (hosted by Amazon Web Services) known as Homeland Advanced Recognition Technology, or HART. The biometrics collection maintained by DHS is the world’s second-largest, behind only India’s countrywide biometric ID network in size. The traveler data kept by DHS is shared with other U.S. agencies, state and local law enforcement, as well as foreign governments.

Optic Nerve: millions of Yahoo webcam images intercepted by GCHQ

Optic Nerve is a mass surveillance programme run by the British signals intelligence agency Government Communications Headquarters (GCHQ), with help from the US National Security Agency, that surreptitiously collects private webcam still images from users while they are using a Yahoo! webcam application. As an example of the scale, in one 6-month period, the programme is reported to have collected images from 1.8 million Yahoo! user accounts globally. The programme was first reported on in the media in February 2014, from documents leaked by the former National Security Agency contractor Edward Snowden, but dates back to a prototype started in 2008, and was still active in at least 2012.[1][2]

The leaked documents describe the users under surveillance as “unselected”, meaning that data was collected indiscriminately in bulk from users regardless of whether they were an intelligence target or not. The vast majority of affected users would have been completely innocent of any crime or suspicion of a crime.

Amazon’s ‘Ring’ Doorbells Creating A Massive Police Surveillance Network

“Police departments are piggybacking on Ring’s network to build out their surveillance networks…” reports CNET, adding that Ring “helps police avoid roadblocks for surveillance technology, whether a lack of funding or the public’s concerns about privacy.”

While residential neighborhoods aren’t usually lined with security cameras, the smart doorbell’s popularity has essentially created private surveillance networks powered by Amazon and promoted by police departments. Police departments across the country, from major cities like Houston to towns with fewer than 30,000 people, have offered free or discounted Ring doorbells to citizens, sometimes using taxpayer funds to pay for Amazon’s products.

While Ring owners are supposed to have a choice on providing police footage, in some giveaways, police require recipients to turn over footage when requested. Ring said Tuesday that it would start cracking down on those strings attached…

While more surveillance footage in neighborhoods could help police investigate crimes, the sheer number of cameras run by Amazon’s Ring business raises questions about privacy involving both law enforcement and tech giants… More than 50 local police departments across the US have partnered with Ring over the last two years, lauding how the Amazon-owned product allows them to access security footage in areas that typically don’t have cameras — on suburban doorsteps. But privacy advocates argue this partnership gives law enforcement an unprecedented amount of surveillance. “What we have here is a perfect marriage between law enforcement and one of the world’s biggest companies creating conditions for a society that few people would want to be a part of,” said Mohammad Tajsar, staff attorney at the ACLU of Southern California…

Despite its benefits, the relationship between police departments and Ring raises concerns about surveillance and privacy, as Amazon is working with law enforcement to blanket communities with cameras…. “Essentially, we’re creating a culture where everybody is the nosy neighbor looking out the window with their binoculars,” said Dave Maass, a senior investigative researcher at the Electronic Frontier Foundation. “It is creating this giant pool of data that allows the government to analyze our every move, whether or not a crime is being committed.” On a heat map of Bloomfield, there are hardly any spots in the New Jersey township out of sight of a Ring camera.

Tajsar says in some scenarios “they’re basically commandeering people’s homes as surveillance outposts for law enforcement,” and the articles notes that when police departments partner with Ring, “they have access to a law enforcement dashboard, where they can geofence areas and request footage filmed at specific times.”

While law enforcement “can only get footage from the app if residents choose to send it,” if the residents refuse, police can still try to obtain the footage with a subpoena to Amazon’s Ring.

GCHQ mass surveillance violated human rights, court rules

GCHQ’s methods in carrying out bulk interception of online communications violated privacy and failed to provide sufficient surveillance safeguards, the European court of human rights (ECHR) has ruled in a test case judgment.

But the court found that GCHQ’s regime for sharing sensitive digital intelligence with foreign governments was not illegal.

It is the first major challenge to the legality of UK intelligence agencies intercepting private communications in bulk, following Edward Snowden’s whistleblowing revelations. The long-awaited ruling is one of the most comprehensive assessments by the ECHR of the legality of the interception operations operated by UK intelligence agencies.

The case was brought by a coalition of 14 human rights groups, privacy organisations and journalists, including Amnesty International, Liberty, Privacy International and Big Brother Watch. In a statement, published on Amnesty’s website, Lucy Claridge, Amnesty International’s Strategic Litigation Director, said, today’s ruling “represents a significant step forward in the protection of privacy and freedom of expression worldwide. It sends a strong message to the UK Government that its use of extensive surveillance powers is abusive and runs against the very principles that it claims to be defending.” He added: “This is particularly important because of the threat that Government surveillance poses to those who work in human rights and investigative journalism, people who often risk their own lives to speak out. Three years ago, this same case forced the UK Government to admit GCHQ had been spying on Amnesty — a clear sign that our work and the people we work alongside had been put at risk.”

The judges considered three aspects of digital surveillance: bulk interception of communications, intelligence sharing and obtaining of communications data from communications service providers. By a majority of five to two votes, the Strasbourg judges found that GCHQ’s bulk interception regime violated article 8 of the European convention on human rights, which guarantees privacy, because there were said to be insufficient safeguards, and rules governing the selection of “related communications data” were deemed to be inadequate.

Google forming ‘smart cities’

“An ambitious project to blanket New York and London with ultrafast Wi-Fi via so-called “smart kiosks,” which will replace obsolete public telephones, are the work of a Google-backed startup.

Each kiosk is around nine feet high and relatively flat. Each flat side houses a big-screen display that pays for the whole operation with advertising.

Each kiosk provides free, high-speed Wi-Fi for anyone in range. By selecting the Wi-Fi network at one kiosk, and authenticating with an email address, each user will be automatically connected to every other LinkNYC kiosk they get within range of. Eventually, anyone will be able to walk around most of the city without losing the connection to these hotspots.

Wide-angle cameras on each side of the kiosks point up and down the street and sidewalk, approximating a 360-degree view. If a city wants to use those cameras and sensors for surveillance, it can.

Over the next 15 years, the city will go through the other two phases, where sensor data will be processed by artificial intelligence to gain unprecedented insights about traffic, environment and human behavior and eventually use it to intelligently re-direct traffic and shape other city functions.”

The most striking thing about the WikiLeaks CIA data dump is how little most people cared

“On March 7, the US awoke to a fresh cache of internal CIA documents posted on WikiLeaks. They detail the spy organization’s playbook for cracking digital communications.

Snowden’s NSA revelations sent shockwaves around the world. Despite WikiLeaks’ best efforts at theatrics—distributing an encrypted folder and tweeting the password “SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds”—the Vault 7 leak has elicited little more than a shrug from the media and the public, even if the spooks are seriously worried. Maybe it’s because we already assume the government can listen to everything.”

Stare Into The Lights My Pretties

German watchdog tells parents to destroy Wi-Fi-connected doll

“A German government watchdog has ordered parents to “destroy” an internet-connected doll for fear it could be used as a surveillance device. According to a report from BBC News, the German Federal Network Agency said the doll (which contains a microphone and speaker) was equivalent to a “concealed transmitting device” and therefore prohibited under German telecom law.

The doll in question is “My Friend Cayla,” a toy which has already been the target of consumer complaints in the EU and US. In December last year, privacy advocates said the toy recorded kids’ conversations without proper consent, violating the Children’s Online Privacy Protection Act.

Cayla uses a microphone to listen to questions, sending this audio over Wi-Fi to a third-party company (Nuance) that converts it to text. This is then used to search the internet, allowing the doll to answer basic questions, like “What’s a baby kangaroo called?” as well as play games. In addition to privacy concerns over data collection, security researchers found that Cayla can be easily hacked. The doll’s insecure Bluetooth connection can be compromised, letting a third party record audio via the toy, or even speak to children using its voice.

Although the FTC has not yet taken any action against Cayla or its makers Manufacturer Genesis Toys, German data and privacy laws are more stringent than those in America. The legacy of the Stasi, the secret police force that set up one of the most invasive mass-surveillance regimes ever in Communist East Germany, has made the country’s legislators vigilant against such infringements.”

UK “legitimises” illegal mass surveillance by passing new law

The “Investigatory Powers Act,” has been passed into law in the UK, legalising a number of illegal mass surveillance programs revealed by Edward Snowden in 2013. It also introduces new powers to require ISPs to retain browsing data on all customers for 12 months, while giving police new powers to hack into computers and phones and to collect communications data in bulk.

“Jim Killock, executive director of the Open Rights Group, responded…saying: “…it is one of the most extreme surveillance laws ever passed in a democracy. The IP Act will have an impact that goes beyond the UK’s shores. It is likely that other countries, including authoritarian regimes with poor human rights records, will use this law to justify their own intrusive surveillance powers.”

“Much of the Act gives stronger legal footing to the UK’s various bulk powers, including “bulk interception,” which is, in general terms, the collection of internet and phone communications en masse. In June 2013, using documents provided by Edward Snowden, The Guardian revealed that the GCHQ taps fibre-optic undersea cables in order to intercept emails, internet histories, calls, and a wealth of other data.”

Meanwhile, FBI and NSA poised to gain new surveillance powers under Trump.

Snooper Charter allows the State to tell lies in court.

“Charter gives virtually unrestricted powers not only to State spy organisations but also to the police and a host of other government agencies. The operation of the oversight and accountability mechanisms…are all kept firmly out of sight — and, so its authors hope, out of mind — of the public. It is up to the State to volunteer the truth to its victims if the State thinks it has abused its secret powers. “Marking your own homework” is a phrase which does not fully capture this…

Section 56(1)(b) creates a legally guaranteed ability — nay, duty — to lie about even the potential for State hacking to take place, and to tell juries a wholly fictitious story about the true origins of hacked material used against defendants in order to secure criminal convictions. This is incredibly dangerous. Even if you know that the story being told in court is false, you and your legal representatives are now banned from being able to question those falsehoods and cast doubt upon the prosecution story. Potentially, you could be legally bound to go along with lies told in court about your communications — lies told by people whose sole task is to weave a story that will get you sent to prison or fined thousands of pounds.

Moreover, as section 56(4) makes clear, this applies retroactively, ensuring that it is very difficult for criminal offences committed by GCHQ employees and contractors over the years, using powers that were only made legal a fortnight ago, to be brought to light in a meaningful way. It might even be against the law for a solicitor or barrister to mention in court this Reg story by veteran investigative journalist Duncan Campbell about GCHQ’s snooping station in Oman (covered by the section 56(1)(b) wording “interception-related conduct has occurred”) – or large volumes of material published on Wikileaks.

The existence of section 56(4) makes a mockery of the “general privacy protections” in Part 1 of the IPA, which includes various criminal offences. Part 1 was introduced as a sop to privacy advocates horrified at the full extent of the act’s legalisation of intrusive, disruptive and dangerous hacking powers for the State, including powers to force the co-operation of telcos and similar organisations. There is no point in having punishments for lawbreakers if it is illegal to talk about their law-breaking behaviour.

Like the rest of the Snoopers’ Charter, section 56 has become law. Apart from Reg readers and a handful of Twitter slacktivists, nobody cares. The general public neither knows nor cares what abuses and perversions of the law take place in its name. Theresa May and the British government have utterly defeated advocates of privacy and security, completely ignoring those who correctly identify the zero-sum game between freedom and security in favour of those who feel the need to destroy liberty in order to “save” it.

The UK is now a measurably less free country in terms of technological security, permitted speech and ability to resist abuses of power and position by agents of the State, be those shadowy spys, police inspectors and above (ie, shift leaders in your local cop shop) and even food hygiene inspectors – no, really.”

Stare Into The Lights My Pretties

UK security agencies unlawfully collected data for 17 years, court rules

No prosecutions. Instead, those in power are pushing to pass a law to legitimise and continue the same.

“British security agencies have secretly and unlawfully collected massive volumes of confidential personal data, including financial information, on citizens for more than a decade, senior judges have ruled.

The investigatory powers tribunal, which is the only court that hears complaints against MI5, MI6 and GCHQ, said the security services operated an illegal regime to collect vast amounts of communications data, tracking individual phone and web use and other confidential personal information, without adequate safeguards or supervision for 17 years.

Privacy campaigners described the ruling as “one of the most significant indictments of the secret use of the government’s mass surveillance powers” since Edward Snowden first began exposing the extent of British and American state digital surveillance of citizens in 2013.

The tribunal said the regime governing the collection of bulk communications data (BCD) – the who, where, when and what of personal phone and web communications – failed to comply with article 8 protecting the right to privacy of the European convention of human rights (ECHR) between 1998, when it started, and 4 November 2015, when it was made public.

It added that the retention of of bulk personal datasets (BPD) – which might include medical and tax records, individual biographical details, commercial and financial activities, communications and travel data – also failed to comply with article 8 for the decade it was in operation until it was publicly acknowledged in March 2015.”

Baltimore Police took one million surveillance photos of city with secret plane

“Baltimore Police on Friday released data showing that a surveillance plane secretly flew over the city roughly 100 times, taking more than 1 million snapshots of the streets below.

Police held a news conference where they released logs tracking flights of the plane owned and operated by Persistent Surveillance Systems, which is promoting the aerial technology as a cutting-edge crime-fighting tool.

The logs show the plane spent about 314 hours over eight months creating the chronological visual record.

The program began in January and was not initially disclosed to Baltimore’s mayor, city council or other elected officials. Now that it’s public, police say the plane will fly over the city again as a terrorism prevention tool when Fleet Week gets underway on Monday, as well as during the Baltimore Marathon on Oct. 15.

The logs show that the plane made flights ranging between one and five hours long in January and February, June, July and August. The flights stopped on Aug. 7, shortly before the program’s existence was revealed in an article by Bloomberg Businessweek.

The program drew harsh criticism from Baltimore residents, activists and civil liberties groups, who said it violates the privacy rights of an entire city’s people. The city council is planning to hold a hearing on the matter; the ACLU and some state lawmakers are considering introducing legislation to limit the kinds of surveillance programs police can utilize, and mandate public disclosure and discussion beforehand.

Baltimore has been at the epicenter of an evolving conversation about 20th century policing. Last spring, its streets exploded in civil unrest after a young black man’s neck was broken inside a police van.

Freddie Gray’s death added fuel to the national Black Lives Matter movement and exposed more problems in a police department that has been dysfunctional for decades. The department’s shortcomings and tendencies toward discrimination and abuse were later laid bare in a 164-page patterns and practices report by the U.S. Justice Department.

This is not the first time Baltimore has served as a testing ground for surveillance technology. Cell site simulators, also known as Stingray devices, were deployed in the city for years without search warrants to track the movements of suspects in criminal cases. The technology was kept secret under a non-disclosure agreement between the FBI and the police department that barred officers from disclosing any details, even to judges and defense attorneys. The Supreme Court recently ruled that warrantless stingray use is unconstitutional.”

Stare Into The Lights My Pretties

New leaked files reveal more about NSA satellite eavesdropping

Newly published documents have shed more light on the dubious surveillance operations of the United States operating in the UK. The documents detail how the NSA and GCHQ used information gathered by Menwith Hill Station—a massive but tightly sealed facility that intercepts satellite data transmissions worldwide—for targeted killings with drones:

“The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

The NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes.

Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.”

United States govt directs agents to conceal program used to spy on citizens

A slide from a presentation about a secretive information-sharing program run by the U.S. Drug Enforcement Administration’s Special Operations Division (SOD) is seen in this undated photo. REUTERS/John Shiffman

“A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin – not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to “recreate” the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant’s Constitutional right to a fair trial. If defendants don’t know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence – information that could reveal entrapment, mistakes or biased witnesses.”

Stare Into The Lights My Pretties

FBI says utility-pole surveillance camera locations must be kept secret

“The US Federal Bureau of Investigation has successfully convinced a federal judge to block the disclosure of where the bureau has attached surveillance cams on Seattle utility poles.

However, this privacy dispute highlights a powerful and clandestine tool the authorities are employing across the country to snoop on the public—sometimes with warrants, sometimes without.

The deployment of such video cameras appears to be widespread. What’s more, the Seattle authorities aren’t saying whether they have obtained court warrants to install the surveillance cams.”

“Peter Winn [assistant U.S. attorney in Seattle] wrote to Judge Jones that the location information about the disguised surveillance cams should be withheld because the public might think they are an ‘invasion of privacy.’ Winn also said that revealing the cameras’ locations could threaten the safety of FBI agents. And if the cameras become ‘publicly identifiable,’ Winn said, ‘subjects of the criminal investigation and national security adversaries of the United States will know what to look for to discern whether the FBI is conducting surveillance in a particular location.’

It’s trivially easy to identify you based on records of your phone calls and texts

“Contrary to the claims of America’s top spies, the details of your phone calls and text messages—including when they took place and whom they involved—are no less revealing than the actual contents of those communications.

In a study published online Monday in the journal Proceedings of the National Academy of Sciences, Stanford University researchers demonstrated how they used publicly available sources—like Google searches and the paid background-check service Intelius—to identify “the overwhelming majority” of their 823 volunteers based only on their anonymized call and SMS metadata.

Using data collected through a special Android app, the Stanford researchers determined that they could easily identify people based on their call and message logs.

The results cast doubt on [show as lies] claims by senior intelligence officials that telephone and Internet “metadata”—information about communications, but not the content of those communications—should be subjected to a lower privacy threshold because it is less sensitive.”

Catalogue of US Government Surveillance Devices

The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States.

The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

Slides of the catalogue available here, while a stylised version is available here.

Study: The Chilling Effect of Mass Surveillance with Social Media

“Research suggests that widespread awareness of mass surveillance could undermine democracy by making citizens fearful of voicing dissenting opinions in public. A paper published in Journalism and Mass Communication Quarterly, the flagship peer-reviewed journal of the Association for Education in Journalism and Mass Communication (AEJMC), found that “the government’s online surveillance programs may threaten the disclosure of minority views and contribute to the reinforcement of majority opinion.” The NSA’s “ability to surreptitiously monitor the online activities of U.S. citizens may make online opinion climates especially chilly” and “can contribute to the silencing of minority views that provide the bedrock of democratic discourse,” the researcher found.”

“Live Version of Google Earth” used for mass surveillance by police

LA County Sheriff’s Department in Compton, California deploy aerial real-time surveillance, unbeknownst to residents.

The technology is called “Wide Area Surveillance.”