AMITIAE - Saturday 3 August 2013


Cassandra: Surveillance in the Home - Joining some Dots (Amended - additional sources)


apple and chopsticks



advertisement


By Graham K. Rogers


Cassandra


Sometimes a bunch of reports arrive at around the same time that, on their own might give a small part of a larger picture. When several reports arrive at the same time all with a piece of the jig-saw, it is easier to imagine the complete image. In the case of ordinary people being spied on, the situation may be far worse than had been realised.


For several years now, the UK has had the greatest number of cameras, watching its citizens 24 hours a day. In the market town my family live in, I counted over 20 in the small town centre alone. With speed cameras, home security, and other systems (London congestion charge scheme), Britain wins the dubious prize of the most watched country. At least UK citizens know that the cameras are operating, as do those in other cities round the world where there are other traffic and security camera systems.

security In the news a great deal of late has been the revelations of Edward Snowden concerning the way that the NSA and other organisations have been conducting surveillance on individuals. The main outcry in the USA has been that US citizens have been targeted, although the NSA has been redefining some of the words it has used to make it seem more palatable. That and lying to Congress.


Not much has been said about those without terrorist connections who are not US citizens, who actually make up the majority in the wider world. The NSA and others are free to spy on them, sometimes joined by its poodle, the UK which is alleged to do the NSA's dirty work (Nick Hopkins and Luke Harding, The Guardian).

A report in the Jakarta Times last week showed some of the anger that erstwhile allies are feeling with the knowledge that their President (and others) was spied in when attending the 2009 G20 summit in London. Indonesia has had to promise that no such spying will take place at an upcoming APEC summit. One hopes they tell the United States.

Some types of surveillance are valuable. Traffic cams can show where congestion occurs and allow better route-planning; since 2010 Apple has a feature on its iOS devices and Macs for tracking a stolen or lost device (nice to see Android also copying this now); and crimes committed in public have been solved by careful use of such camera input, for example the Boston bombings, which were sadly not prevented however, despite all the tools apparently at the disposal of the security services.

There is also the benefit that cameras can be used to catch those supposed to be enforcing the law when they exceed their authority, or are even violent towards members of the public. Perhaps this is why so many police (and other law enforcement organisations) claim illegally that taking pictures of them should stop, even confiscating cameras and deleting shots. Illegally.

When the tracking enters the home or a user's private space, things are more problematical.


In an item on Samsung televisions, Erica Fink and Laurie Segall on CNN Money, report that a security hole had been found that allowed outside access to the television camera and to the rest of the operating system.

security An aspect of the potential hacking was that the camera could be turned on, but the user would be unaware as the activity light would not be activated. Time perhaps for some Band-Aid fixes.

We are told in the report that the security breach could have allowed a number of other actions, perhaps concerning financial transactions on the internet, to be carried out. One security analyst cited in the report said, "If there's a vulnerability in any application, there's a vulnerability in the entire TV". The fault has now been fixed we are told, but I am sure I am not alone in not feeling at all secure, especially as Samsung is recommending that ". . . customers use encrypted wireless access points."

Their claim that their latest TV is "The most advanced tv experience" may be truer than consumers realise.


Hot on the heels of this was a report by Mike Masnick on TechDirt concerning a trick that the FBI have been using: using malware to turn on the microphones of laptops and phones. The report specifically mentions Android phones, but the information about delivery systems for computers is a little vague, "spyware delivered to computers . . . through email or Web links". Phones are also targeted in this fashion too.

security Masnick's article has a number of useful links to articles in which key-loggers are mentioned, in cases going back to 2001, but there is also a Wall Street Journal item that appeared a couple of days ago (1 August) by Jennifer Valentino-DeVries and Danny Yadron which explains in some detail how the FBI is using hacker tricks to access information that would previously have been inaccessible.

The article mentions the small industry that has grown up to provide such tools and the USA is not the only place where these are being developed. Some experts from Thailand are regularly visiting establishments to the west of London to be coached in the use of such new technologies. From what I am told, the capabilities are being expanded here too and that already several of the tools have been deployed.

Mike Masnick also highlights the "wonderful" line: "The bureau has controls to ensure only "relevant data" are scooped up". As the word, "relevant" has been used by the NSA a lot recently and is one of those featured in its apparent redefining of the language, eyebrows should be raised here.


Joining another dot was a report from longtime security expert, Declan McCullagh who also reports on the FBI and its capabilities. He adds the disturbing news that some of the new software developed to aid in the snooping - it is not surveillance, the FBI wants easy-to-use backdoors - needs to be installed on the premises of Internet Service Providers (ISP) and that the "government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies' internal networks to facilitate surveillance efforts."

security The port reader software is used to intercept communications and, while some ISPs are resisting (and some courts are not cooperating), some are just rolling over. The report, analysis and comments by Declan McCullagh are worth taking time over. Consider the implications.

If the US has such capabilities, it may well have shared some of the technology (at least) with allies. it is well-known, for example, that the UK government (present and previous) have been pushing for legislation that will allow total access to all communications, relevant or not.


I mention in the section on FBI snooping above the expansion of such capabilities in Thailand, ostensibly for crime detection purposes. It was a little disturbing to read (via a Twitter message) a report on the local Thai Visa Forum a complaint from a Chiang Mai resident whose use of a Virtual Private Network (VPN) had been blocked by the ISP, TrueMove. The user was told he would be "banned if [he tried] to use a bypassing IP address again".

While the ISP is within its rights to do this, and local ISPs are under some pressure to prevent access to certain sites that may contain information the authorities do not want viewed here, in the context of the Snowden affair, it was interesting to see that Thailand was one of the countries that featured on the NSA map of places from which data was collected.

It was clear that Bangkok was one of the locations, but the others in the region are not clear. It was suggested that Vietnam was one, and Ho Chi Minh City (Saigon) looks a likely candidate. Malaysia was also suggested, but Singapore is more probable as it is a friendly state and most of the communications to and from the region pass through there.



The last word should go to a cartoonist. Ted Rall, a political cartoonist was interviewed by RT after he produced a cartoon lampooning the collection of metadata (and other information) by the NSA and other (supposedly) law enforcement agencies. Rall is infuriated, like so many people, with the way the NSA has gone about expanding data collection - a digital fishing trip - and trying to justify it by reference to 9/11.

As most of the data being swept up has no use whatsoever in a security context, he is justifiably enraged: as should we all be. The cartoon is on the page and may make some laugh for its irreverence and the way it highlights the unnecessary waste of resources.



See Also:


Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.


advertisement



Google


Made on Mac

For further information, e-mail to

information Tag information Tag

Back to eXtensions
Back to Home Page