We all knew that the roll-out of the naked body scanners was a joke and that it was all about manufacturing fear to keep tax-payer money flowing into the defense industry. What we didn’t know was how poorly thought out the whole scanning process is. It turns out that the scanners are very easily beaten by just altering the placement of the object you are trying to hide. Instead of putting it in your front pocket you need to put it in a side pocket.

“Top Secret America” is a project nearly two years in the making that describes the huge national security buildup in the United States after the Sept. 11, 2001, attacks.

When it comes to national security, all too often no expense is spared and few questions are asked – with the result an enterprise so massive that nobody in government has a full understanding of it. It is, as Dana Priest and William M. Arkin have found, ubiquitous, often inefficient and mostly invisible to the people it is meant to protect and who fund it.

The articles in this series and an online database at topsecretamerica.com depict the scope and complexity of the government’s national security program through interactive maps and other graphics. Every data point on the Web site is substantiated by at least two public records.

Because of the nature of this project, we allowed government officials to see the Web site several months ago and asked them to tell us of any specific concerns. They offered none at that time. As the project evolved, we shared the Web site’s revised capabilities. Again, we asked for specific concerns. One government body objected to certain data points on the site and explained why; we removed those items. Another agency objected that the entire Web site could pose a national security risk but declined to offer specific comments.
We made other public safety judgments about how much information to show on the Web site. For instance, we used the addresses of company headquarters buildings, information which, in most cases, is available on companies’ own Web sites, but we limited the degree to which readers can use the zoom function on maps to pinpoint those or other locations.

Our maps show the headquarters buildings of the largest government agencies involved in top-secret work. A user can also see the cities and towns where the government conducts top-secret work in the United States, but not the specific locations, companies or agencies involved.

Within a responsible framework, our objective is to provide as much information as possible, so readers gain a real, granular understanding of the scale and breadth of the top-secret world we are describing.

Not interested in having yourself automatically identified in photos across the internet? Then you might want to take a cue from Adam Ant (or Blade Runner’s Pris, if you prefer), as Adam Harvey, a student in NYU’s Interactive Telecommunication Program, has discovered that some over the top face makeup applied in just the right way can thwart most facial recognition software. Dubbed CV Dazzle (after the Dazzle camouflage used in World War I), the makeup works simply by enhancing areas of the face that you otherwise wouldn’t ordinarily enhance — so instead of applying the makeup around your eyes, you’d apply some on your cheeks and effectively “invert” that area. According to Harvey, that method is effective at blocking the face recognition used by Facebook, Picasa and Flickr — and it doesn’t simply cause some mild confusion, it actually prevents the software from detecting any face at all.

See video here.

Source: engadget.com

“The records would show the date, time, called number, and location of the telephone when the call was made,” Judge Hughes wrote in the decision, dated Nov. 11. “These data are constitutionally protected from this intrusion.”

Judge Hughes’ decision comes as the U.S. government is facing increasing judicial challenges to its practice of obtaining information about the location of individuals without a search warrant. Last week, the Supreme Court heard oral arguments in a case where the government placed a GPS tracking device under a vehicle and monitored the driver’s movements for a month without a search warrant.

During the argument, Chief Justice John Roberts said to Michael Dreeben, deputy solicitor general of the Justice Department: “If you win this case then there is nothing to prevent the police or the government from monitoring 24 hours a day the public movement of every citizen of the United States.” The Justice Department argues that people have no expectation of privacy on public roads.

Cellphone records are governed by the Electronic Communications Privacy Act, a 1986 law that permits law enforcement officers to obtain certain digital records – such as some e-mail and cellphone records – without a search warrant. A coalition of technology companies—including Google Inc., Microsoft Corp. and AT&T Corp.—is lobbying Congress to update the law to require search warrants in more digital investigations.

At the same time, judges in lower courts have been questioning the constitutionality of the law, which only requires officers to show “specific and articulable facts” the electronic records sought are “relevant and material” to an ongoing investigation. For physical searches of a person’s home, the government is required to show probable cause that a crime was committed and obtain a search warrant.

Since 2005, more than a dozen magistrate judges have written opinions denying applications for court orders to track cellphones without search warrants. The nation’s roughly 500 magistrate judges handle applications for search warrants and other types of electronic surveillance in federal courts.

Of course, some have upheld warrantless searches. Last week, U.S. District Court Judge Liam O’Grady ruled that the government could obtain data from the Twitter accounts of three WikiLeaks without a search warrant.

Last year, Magistrate Judge Stephen Smith of U.S. District Court in the Southern District of Texas issued an opinion denying the government access to 60 days worth of information about a cellphone subscriber’s location and phone calls, without a search warrant.

Magistrate Judge Smith wrote that although cellphone tracking wasn’t envisioned by the writers of the Constitution, it had become so precise and pervasive that “for a cellphone user born in 1984, however, it is now conceivable that every movement of his adult life can be imperceptibly captured, compiled, and retrieved from a digital dossier somewhere in a computer cloud. Now as then, the Fourth Amendment remains our polestar.”

The government appealed, saying that the Fourth Amendment, which protects against unreasonable searches and seizures, does not apply because “a customer has no privacy interest in business records held by a cell phone provider, as they are not the customer’s private papers.” The government also challenged Judge Smith’s description of the accuracy of location tracking as “inaccurate or misleading,” and submitted an affidavit from cellular provider MetroPCS Wireless Inc. stating that the average coverage radius of its cellular towers was about “one or two miles.”

The district court ruling was short, but declarative. It affirmed Magistrate Judge Smith’s decision on constitutional grounds. “When the government requests records from cellular services, data disclosing the location of the telephone at the time of particular calls may be acquired only by a warrant issued on probable cause,” Judge Hughes wrote. “The standard under the [existing law] is below that required by the Constitution.”

Source: Wall Street Journal

Wired and iFixIt have teamed up to dismantle an FBI tracking device. These are the  ones that the FBI surreptitiously places in the bumper of your car so they can track your movements.

This is what they found:

We partnered with Wired to bring you a peek inside an FBI car-tracking device. The device is similar to the one Yasir Afifi found underneath his car. If you’re curious where this one came from, Wired has posted a writeup about Karen Thomas, the woman who found this tracker under her car. They’ve also posted a video of Kyle doing the teardown.

The device comprises of a GPS unit for receiving the car’s position, an RF transmitter for relaying your location to the interested authority (aka the FBI), and a set of sweet D-cell batteries that power the whole enchilada. But we didn’t stop there, of course. Read on to find out exactly what components make this secretive device tick.

Disclaimer: We love the FBI. We’ve worked with them on several occasions to fight crime and locate criminals. We’ve helped them with instructions on gaining entry into certain devices. We have nothing against them, and we hope they don’t come after us for publishing this teardown.

Did you know that police cars these days are now outfitted with cameras that can automatically scan all license plates within their visual range? Cameras mounted on a patrol car driving 80 mph can capture plates from cars driving the opposite way traveling at the same speed. Side-mounted cameras can be used to collect plates in a parking lot as the officer cruises leisurely back and forth through the lanes! Automated License Plate Recognition (ALPR) technologies mounted on police cars and various stationary sites are vastly improving the monitoring capabilities of the police force, and pissing off civil rights groups just as effectively.

The goal behind using ALPR monitoring is to track criminals. A “hot list,” provided by the FBI, is downloaded every day. The list includes perpetrators of all kinds, including illegal drivers such as those with suspended licenses or without insurance, but also more hardened criminals with warrants. They even track sex offenders. If a wanton criminal or a stolen vehicle turns up, the system notifies police who can then react quickly. In addition to spotting criminals, the data collected by the cameras can be mined in the event of a major incident such as a terrorist attack. Law enforcement officials could go back and see who was in the area at the time of the attack. The automated system is capable of scanning 10,000 license plates per hour and running checks on 2,000 to 2,500 of them against the “hot list” in a 10 hour shift. By comparison, the fastest police officers run about 100 plates per 10 hour shift. And the cameras are better at their job–they don’t tire at the end of their shift. Cruise shotgun with British Columbia’s Sergeant Rick Stewart in the video below for a demonstration of ALPR technology. Awesomely, he actually gets a hit during the taping: a stolen vehicle involved in an armed robbery.

The plate trackers were developed in 1992 at Cambridge University in the United Kingdom to help track terrorists. Several different technologies are combined to produce the system’s automated sophistication. A platefinder firmware continually searches the camera’s field of view for license plates. Once a license plate is detected the dual lens camera is activated, capturing images in both visible and infrared light. The infrared lens enables the camera to capture the plate in all kinds of weather conditions and even in complete darkness. A triple flash technology is also used that varies the flash, shutter, and gain settings over multiple images to adjust to different light and weather settings. A computer selects the best image for processing and that image is then read by an optical character recognition engine. The OCR engine can be generic or customized to the style of license plate found in a particular state or country. Because plates come in all shapes and sizes a good OCR engine will be flexible, reading plates from skewed and off-axis angles, and having different sizes, syntax rules, and designs. Processors will then take the data and store it in multiple formats for different types of downstream analyses.

Along with police vehicles, the cameras are also being mounted onto stationary sites such as toll booths and speed monitors: those roadside panels that tell you, “You’re driving this fast.” During last year’s World Series, San Francisco’s law enforcement used ALPR to monitor cars in the vicinity of AT&T Park. The San Francisco Chroniclerecently reported that the city’s crime fighters have placed the cameras on six of their cruisers–that’s adding to the ten which already had them. As of this time last year,Los Angeles had 26 cameras.

At $20,000 a pop, the plate scanners aren’t cheap. But the increased monitoring efficiency and accuracy make them well worth the cost to law enforcement personnel. A study performed by the Association of Chief Police Officers concluded that using the cameras increased arrest rates in the UK ten times the national average.

Big Brother Never Sleeps

Not surprisingly, the increasing use of automated plate recognition to track drivers has raised the ire of the ACLU and other privacy advocate groups. In addition to a general distaste for being monitored all the time, the major objection being brought against plate recognition technology is the possibility that the data might be used for purposes other than tracking criminals. A recent article in Time described a hypothetical divorce case where the movements of a person could be used as circumstantial evidence to argue adultery. Law enforcement officals everywhere are doing their best to assuage these sorts of fears. Sergeant Dan Gomez, who runs the LAPD’s Tactical Technology Unit, emphasized that their license plate data is heavily guarded with strict protocols that an investigator must go through if he wants to follow up on a particular car.

Given such famous privacy gaffe’s like President Bush’s wire-tapping and, most recently, the discovery that Apple iPhones and iPads are storing data on their customers’ whereabouts, I really can’t blame anyone for crying foul as the scanners show up on our neighborhood police cars and street corners. It seems like we’re constantly having to assess the sincerity of our technocrats when they tell us, “Honestly, there’s nothing to worry about.” Didn’t we all kind of know that Google was keeping tabs on what we asked them to look up for us? But even as the details of our lives are ever more embedded into our hard drives we continue sit back and trust the powers that be to not take advantage of us (Intriguingly, if you Google the words “Google” and “privacy,” the first four hits are google.com statements detailing their privacy policy. Suspicious, no?).

Look, I think the technology is great. By all means, nab the bad guys. But I’m also thankful that we have groups like the ACLU that raise these important questions that I’m sure most of us share. If science is too important to be left to scientists, technology is too important to be left to those who make it. In my opinion, the world really is looking more and more like Orwell’s “1984.” It’s probably a good thing, from time to time, to give Big Brother a punch in the nose.

Source: Singularity Hub

The U.S. Department of State is proposing a new Biographical Questionnaire for passport applicants. The proposed new Form DS-5513 asks for all addresses since birth; lifetime employment history including employers’ and supervisors names, addresses, and telephone numbers; personal details of all siblings; mother’s address one year prior to your birth; any “religious ceremony” around the time of birth; and a variety of other information.  According to the proposed form, “failure to provide the information requested may result in … the denial of your U.S. passport application.”

The State Department estimated that the average respondent would be able to compile all this information in just 45 minutes, which is obviously absurd given the amount of research that is likely to be required to even attempt to complete the form.

The proposed “Biographical Questionnaire” follows the introduction in December 2010 of a new Form DS-11 for all passport applicants. It seems likely that only some, not all, applicants will be required to fill out the new questionnaire, but no criteria have been made public for determining who will be subjected to these additional new written interrogatories.

It’s not clear from the supporting statement, statement of legal authorities, or regulatory assessment submitted by the State Department to the Office of Management and Budget (OMB) why declining to discuss one’s siblings or to provide the phone number of your first supervisor when you were a teenager working at McDonalds would be a legitimate basis for denial of a passport to a U.S. citizen.

The State Department deadline for submitting comments to the OMB on this proposal was April 25, 2011. (Under the Paperwork Reduction Act,  OMB must approve and assign an OMB control number before any new form can be used.) Details and instructions for submitting comments are in the Federal Register notice (also available here as a PDF):

(Note that the proposed form itself was not published in the Federal Register. A copy was eventually provided to Papers, please after they requested it from the Department of State, and it is viewable here.)

You can view the comments docketed to date here. (There’s sometimes a delay of up to several days before comments are docketed, so don’t panic if you don’t see yours immediately.)

Extra points to the person who gives the best answer in the comments to the question, “Please describe the circumstances of your birth including the names (as well as address and phone number, if available) of persons present or in attendance at your birth.”

Source: PapersPlease.org

Law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL, but few detailed statistics are available, according to a privacy researcher.

Police and other agencies have “enthusiastically embraced” asking for e-mail, instant messages and mobile-phone location data, but there’s no U.S. federal law that requires the reporting of requests for stored communications data, wrote Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University, in a newly published paper.

“Unfortunately, there are no reporting requirements for the modern surveillance methods that make up the majority of law enforcement requests to service providers and telephone companies,” Soghoian wrote. “As such, this surveillance largely occurs off the books, with no way for Congress or the general public to know the true scale of such activities.”

That’s in contrast to traditional wiretaps and “pen registers,” which record non-content data around a particular communication, such as the number dialed or e-mail address that a communication was sent to. The U.S. Congress mandates that it should receive reports on these requests, which are compiled by the Administrative Office of the U.S. Courts, Soghoian wrote.

If law enforcement wants to intercept e-mail or instant messages in real-time, they are required to report it. Since 1997, federal law enforcement has requested real-time intercepts only 67 times, with state law enforcement agents obtaining 54 intercept orders.

Soghoian wrote that those low figures may seem counterintuitive given the real-time nature of electronic communications. But all of the communications are stored, he noted.

“It is often cheaper and easier to do it after the fact rather than in real-time,” Soghoian wrote.

Cox Communications, a major U.S. service provider, charges $3,500 for a wiretap and $2,500 for a pen register. Account information, however, costs a mere $40.

Soghoian found through his research that law enforcement agencies requested more than 30,000 wiretaps between 1987 and 2009. But the scale of requests for stored communications appears to be much greater. Citing a New York Times story from 2006, Soghoian wrote that AOL was receiving 1,000 requests per month.

In 2009, Facebook told the news magazine Newsweek that it received 10 to 20 requests from police per day. Sprint received so many requests from law enforcement for mobile-phone location information that it overwhelmed its 110-person electronic surveillance team. It then set up a Web interface to give police direct access to users’ location data, which was used more than 8 million times in one year, Soghoian wrote, citing a U.S. Court of Appeals judge.

Those sample figures indicate the real total number of requests is likely much, much higher, since U.S. law does not require reporting and companies are reluctant to voluntarily release the data.

“The reason for this widespread secrecy appears to be a fear that such information may scare users and give them reason to fear that their private information is not safe,” Soghoian wrote.

In 2000, the House of Representatives considered legislation that would have set standards for reporting requests by police for location information, such as the tracking of mobile phones. But the Department of Justice opposed the bill, Soghoian wrote, saying the reporting requirements would be too time consuming.

Soghoian argues that Congress should have oversight of these new surveillance powers. He recommended mandating that the Administrative Office of the U.S. Courts compile statistics on requests for stored communications as they do now for wiretap orders. The information could be sent to the office by the courts rather than the DOJ.

“These reporting requirements would provide Congress with the information necessary to make sound policy in the area of electronic surveillance,” Soghoian wrote.

Source: MacWorld

The head of INTERPOL has emphasized the need for a globally verifiable electronic identity card (e-ID) system for migrant workers at an international forum on citizen ID projects, e-passports, and border control management.

Speaking at the fourth Annual EMEA ID WORLD summit, INTERPOL Secretary General Ronald K. Noble said that regulating migration levels and managing borders presented security challenges for countries and for the world that INTERPOL was ideally-placed to help address.

“At a time when global migration is reaching record levels, there is a need for governments to put in place systems at the national level that would permit the identity of migrants and their documents to be verified internationally via INTERPOL,” said Secretary General Noble.

“The vast majority of migrants are law-abiding citizens who would like to have their identities verified in more than one country using the same identity document. If countries were to issue work and residence permits in an e-ID format that satisfied common standards internationally, then both the migrant workers and the countries themselves would benefit because efficiencies would improve, security at the national and global level would improve and corruption would be reduced.”

The ID WORLD forum heard that such a card required developing a mechanism whereby the biometric identity features of migrants, such as fingerprints and DNA, would be checked systematically against global databases.

“INTERPOL currently helps member countries screen travel documents of international air travelers approximately one-half a billion times a year. It would be a natural extension of this service to assist member countries in determining whether bearers of a globally verified identity card were in possession of a valid identity document or are wanted internationally for arrest via INTERPOL at the time that they applied for a work or residence permit,” added the INTERPOL Chief.

“Issuing migrant workers e-ID cards in a globally verifiable format will also reduce corruption and enable cardholders to be eligible for electronic remittance schemes that will foster greater economic development and prosperity in INTERPOL member countries,” concluded Secretary General Noble.

The Chinese government has announced plans to track the real-time location of all cell phones in the city of Beijing, purportedly to ease traffic problems that have plagued the city. Human rights activists have expressed concerns that this plan may well be the newest attempt by the Chinese government to surveil its citizenry against any attempted uprising. As Wang Songlian of the Chinese Human Rights Defenders network told the Guardian:

For ordinary people, the government is worried about social unrest. Often there’s a spark somewhere and everyone gathers and puts out information. By registering people and tracking them, it enables them to find out about particular protests and punish individuals.

Location privacy is an endangered concept. As technology evolves, many networked devices are becoming increasingly more portable and affordable — and increasingly sharing one’s real-time location data without a users’ explicit knowledge or consent. The threats to location privacy in the era of the smart phone are multifarious, including applications that leak private data and obsolete laws that fail to protect civil liberties. As the situation in China demonstrates, modern smart phones may also act as a mechanism for governments to vacuum up data on citizens who might protest authoritarian regimes. While EFF continues to champion cell phone location privacy inU.S. courts and on the Hill, the fundamental privacy conundrum posed by modern cell phones is that they cannot function properly without simultaneously exposing locational information.

This means that Beijing citizens have few choices when it comes to protecting their location privacy from the government, an especially problematic scenario considering China passed a lawlast year mandating that people register their cell phones in their real names. Currently, the only solution for true location privacy, whether in China or anywhere else, is turning off the mobile phone and removing the battery. Unfortunately, there’s no feasible and easily achievable consumer-facing software or hardware anywhere that can effectively circumvent location tracking while leaving modern smart phones functional.

There are, however, some hacktivists and academics beginning to explore creative solutions to this problem. Among the ideas being circulated is the possibility of a “mobile mesh network” connectivity – having cell phones connect directly to one another, rather than routing signals through cell phone towers. While there may be other security concerns around mesh networking, such communication methods hold promise for maintaining communications in “Internet blackout” scenarios such as those seen recently in Egypt and Libya. We look forward to future developments in this arena.

Source: Electronic Freedom Foundation