Big Brother

Google: Governments seek more about you than ever

Originally shared by Adam Haberlach Despite the headline, this is not a fluff piece. Google is one of the few companies that actively reports on and provide statistics about the rate at which various governments seek to access your data and restrict your privacy. It’s good to be aware of, folks. http://news.cnet.com/8301-1009_3-20125483-83/google-governments-seek-more-about-you-than-ever/ [Migrated from Google+]

Google: Governments seek more about you than ever Read More »

What does it take to be personally identifiable?

Last week California State Assembly member Michael Duvall (R-Orange County) was caught bragging to a colleague about having an extra-marital affair — next to a live mike. Along with his rather graphic descriptions he happened to mentioned his paramour’s age and birthday, and from this information OC Weekly was able to identify the woman:

“And so her birthday was Monday,” he said at the Wednesday, July 8 committee hearing. “I was 54 on June 14, so for a month, she was 19 years younger than me…”

According to voter-registration records reviewed by the Weekly, veteran Sacramento-based lobbyist Heidi DeJong Barsuglia turned 36 years old on Monday, July 6.

In this case there were other sources who also identified Ms. Barsuglia, and it’s not clear from the story whether OC Weekly actually arrived at her name through voter-registration records or simply used them for corroboration. However, EFF’s Deep Links reports that it’s actually not that hard to identify someone based on a few pieces of seemingly innocuous information like birthday, gender and zip-code:

Gender, ZIP code, and birth date feel anonymous, but Prof. Sweeney was able to identify Governor Weld through them for two reasons. First, each of these facts about an individual (or other kinds of facts we might not usually think of as identifying) independently narrows down the population, so much so that the combination of (gender, ZIP code, birthdate) was unique for about 87% of the U.S. population.

The linked-to abstract also mentions that about half the U.S. population are likely to be uniquely identifiable by only place, gender and date of birth, where place is basically the city, town or municipality where the person resides. And even if a search in a city as big as Sacramento came up with several potential matches, the hit that also happens to be a lobbyist working in an industry under Duvall’s committee would be easy to spot.

What does it take to be personally identifiable? Read More »

Have you seen this man?

interpol-scrambled.jpg interpol-unscrambled.jpg

The picture on the left is cropped from an image of a man sexually abusing children in Vietnam and Cambodia in 2002 or 2003. The face was digitally scrambled, and the image posted to the Net along with about 200 others. The picture on the right is the same picture, digitally unscrambled by Germany’s federal police. Interpol has posted four unscrambled images of the man’s face on their website, and have asked the public at large for help in identifying him. They’ve already reportedly received hundreds of tips.

That part’s pretty cool, and I hope they catch the guy, but I have some trepidation at the idea of casting such a wide net using just a few photographs. Say you know somebody who looks remarkably like this guy — maybe that creepy guy you see on the subway every morning. How likely is it that he really is they guy they’re looking for?

If you were looking for a local criminal, say someone who robbed the neighborhood 7-11, it would probably be pretty likely you’d found the right guy. After all, it’s pretty darned rare for two unrelated people to look so similar that even after close inspection you mistake one for another. The trouble is, even a very rare event becomes extremely likely when you’re sampling the entire world: if there’s only a one-in-a-hundred-million chance that two randomly-chosen people look really similar, then every person on the planet has approximately 67 doppelgangers running around. It’s not that we can’t distinguish between those one-in-a-hundred-million pairs, it’s just that our brains only specialize our ability to recognize things as far as necessary. That’s why people from another part of the world “all look alike” until you actually start to live with them, and why it becomes trivial to distinguish between ‘identical’ twins once you’ve known them for a couple months. But nobody’s brain is specialized enough to distinguish between one-in-a-hundred-million chance similarity, because it never comes up in our lives.

Interpol seems to recognize they’re taking a risk in publishing these photos, and they caution that law enforcement would have to positively identify any suspects (with additional photos and corroborating data at their disposal). Still, I see two risks where innocent look-alikes could get caught up in this. The first is that, regardless of the advice to wait for positive ID, people are naturally going to be suspicious of any look-alike, and may take action. Though fear of terrorism now tops the list, fear of child molesters in our midst will always be right up there in terms of emotion-stirring boogiemen. The second, even more dangerous risk, is that Interpol itself will try to apply their usual “one-in-a-million” criteria for reasonable doubt to a one-in-a-hundred-million situation. That, I’d argue, would repeat the fiasco the FBI created when they arrested a Portland lawyer for the Madrid bombing, based on a close partial-fingerprint match and (presumably) the fact that he was Muslim.

Have you seen this man? Read More »

Things That Fink

Bruce Schneier’s Crypto-Gram points to some impressive work done by researchers at the University of Washington showing how Apple’s Nike + iPod kit can be used to track people. The kit consists of a transmitter that you put in your shoe and a receiver you plug into your iPod. The transmitter wakes up whenever it gets shaken and sends out pedometer info every second, and the receiver then uses that info to give voice and visual feedback on your pace and how far you’ve run. The UW team discovered that each transmitter sends out a unique ID so the receivers can distinguish among several in the area, and then built several PDA-sized units to listen for IDs and log the data either to flash memory or retransmit it over Wi-fi or SMS. They also built software that would trigger a USB camera whenever a particular ID went by, and wrote a visualization tool that shows either historical or real-time overlays of sensor IDs and/or pictures taken on top of Google Maps. Details are in their paper, and they also have a video.

The threat models they lay out aren’t government surveillance so much as jealous/ex-boyfriends and stalkers, and to some extent professional thieves and muggers, unethical organizations tracking their members (or their competition’s members), and stores tracking their customers. Except for muggers (which just involves detecting whether a passing jogger is likely to have an iPod or other cool gadgets on them), all the scenarios they discuss involve the use of a network of their relatively cheap sensors, each one adding a single location to the overall surveillance network. A stalker would place trackers at strategic locations, then wait for them to phone home with the unique IDs they see. To link a a unique ID with a particular person he just has to get close to his target (or for that matter just watch her jog by) and then note the ID that’s being broadcast. Or he can leave one tracker in the bushes by his target’s front door and note what ID it picks up (he gets when she comes and goes that way too). And since consumers are encouraged to “just drop the sensor in their Nike+ shoes and forget about it” the trackers will work even when the target isn’t actually jogging or using the device.

The work is impressive, but I feel like by focusing on the Nike + iPod design it’s pointing to the smoke instead of the fire. Yes, Apple probably could have designed their system to make this sort of tracking more difficult. Ditto the RFID chips in smart cards, passports, highway toll-payment boxes, quick-payment key fobs and consumer products, not to mention Bluetooth devices and cellphones. But the main technology trend that’s making this sort of tracking possible, I would argue, is not the plethora of remotely-readable unique IDs we carry everywhere we go so much as the small, cheap hardware that even a moderately technical attacker can turn into his very own sensor network. RFID and transmitters are a ready-made “fingerprint” that such sensor networks can read easily, but as machine vision and pattern recognition technology improves there will be an increasing number of features will uniquely identify you to a sensor network, including minor differences in hardware you carry, how you walk or what you look like. This is not to say we shouldn’t encourage companies to make tracking by RFID harder to do, but I think it’s at best going to buy us 5-10 years before you’ll be able to buy your own automatic person-tracking sensor network at any online spy-shop. We’d better be thinking now about what kind of social and legal systems we’ll want once that day comes.

Things That Fink Read More »

UK passport RFID “gotcha”?

The Guardian has a “gotcha” piece about how easy it is to crack the security on the RFID tags in the new UK passports. Bruce Schneier and Bruce Sterling have both commented favorably on the piece, but personally I don’t see what all the fuss is about. The RFID chip contains a cryptographically signed digital copy of the main page of your passport, including a digital copy of your photograph. The idea is that this way you can’t modify the name or paste your own photo into a stolen passport because the digital data won’t match, and you can’t modify the digital data because it has to be signed by the issuing country. After people expressed concerns that someone nearby could eavesdrop on the conversation between the passport and the RFID reader, they decided to encrypt the passport using your passport number, expiration date and date of birth, which is encoded using a barcode (or maybe a magnetic stripe). That way the customs official swiping your card can read the photo but someone eavesdropping on the RFID conversation can’t.

There’s only one concern the story mentions that makes even vague sense to me:

This means that each time you hand over your passport at, say, a hotel reception or car-rental office abroad to be “photocopied”, it could be cloned with equipment like ours. This could have been done with an old passport, but since the new biometric passports are supposed to be secure they are more likely to be accepted without question at borders.

Certainly people trust computers a little too much, but this sounds like something proper training would solve. The idea that the RFID chip can be cloned doesn’t seem like that difficult a concept to teach.

So what am I missing here?

UK passport RFID “gotcha”? Read More »

Listing the guilty

Here is the list of 65 US Senators that voted to grant the president the right to lock non-citiziens up indefinitely without the right to trial or to challenge the legality of their detention, that declared if they ever are given a trial then hearsay and evidence obtained through coercion may be used against them, and that gave amnesty to those who authorized or committed illegal torture and abuse.

I find it horrific that so many of those we’ve elected to protect our fragile democracy are so quick to grant powers that belong only to kings, dictators and despots.

Listing the guilty Read More »

Not in my backyard

prop83map.gif

The front page of yesterday’s SJ Merc includes a great graphic showing how almost all of San Jose would be off limits to all registered sex offenders if California’s Proposition 83 is enacted by voters this November. The proposition would make it illegal for a registered sex offender to live within 2000 feet of a park or school (regardless of whether his or her crime involved children) and to wear a GPS ankle bracelet for life.

From my brief read of the law defining sexual registration (IANAL!) it looks like convicted criminals are forced to register if they’re found guilty of rape or by order of the court for any other crime if the court finds that “the person committed the offense as a result of sexual compulsion or for purposes of sexual gratification.” That’s not a sympathetic bunch of people, and though I’m disturbed by the idea of treating people as guilty of FutureCrime (punish people for what they might do in the future) I can understand the motivation. But as the Merc story points out banishing registered sex offenders from most parts of the city will just lead to more sex offenders becoming homeless, cut off from the support groups and social network that helps keep them from committing crimes again.

Not in my backyard Read More »

No more kings…

From today’s district court ruling that the NSA warrantless wiretapping program is illegal:

The Government appears to argue here that, pursuant to the penumbra of Constitutional language in Article II, and particularly because the President is designated Commander in Chief of the Army and Navy, he has been granted the inherent power to violate not only the laws of the Congress but the First and Fourth Amendments of the Constitution, itself.

We must first note that the Office of the Chief Executive has itself been created, with its powers, by the Constitution. There are no hereditary Kings in America and no powers not created by the Constitution. So all “inherent powers” must derive from that Constitution.

The President of the United States, a creature of the same Constitution which gave us these [the First and Fourth] Amendments, has undisputedly violated the Fourth in failing to procure judicial orders as required by FISA, and accordingly has violated the First Amendment Rights of these Plaintiffs as well.

No more kings… Read More »

Freedom of speech, if you don’t mind walking

Today’s WSJ has a story on how the FBI threatened to take away Moroccan immigrant Yassine Ouassif’s green card if he didn’t become an informant (behind a pay wall, sorry, a summary is here). Down at the bottom of the story is this bit:

Ms. Aklaghi [Ouassif’s lawyer] says she learned more at that point about why federal authorities were so interested in him. Mr. Ouassif had been secretly recorded by an FBI informant talking to friends in a San Francisco mosque. A Homeland Security lawyer, she says, did not specify what Mr. Ouassif had said, but told her that his statements did not indicate criminal intent and were fully protected by the First Amendment. Nevertheless, his statements had landed him on the no-fly list, Ms. Aklaghi says, and led to all his subsequent travails.

So, if her information is correct, what this says is that Homeland Security is taking the position that though the First Amendment stops the government from “abridging the freedom of speech,” it doesn’t say anything about taking away someone’s ability to board an airplane if he says something we don’t like.

Homeland Security, of course, is not commenting at all, which points to the other big problem with all this nonsense: the people currently running the show are so secretive (and our congress so complicit) that it’s almost impossible to find out what’s actually being done in our name. Where’s the transparency? Where’s the freedom to be left alone when you’re doing nothing wrong? This is not how the America I learned about in civics class works. We deserve better — a lot better.

Update 7/12/06: corrected spelling of Aklaghi’s name.

Freedom of speech, if you don’t mind walking Read More »