Verizon and AT&T Want to Run Invasive Phone Ad-Tracking Networks

Smartphones today are essentially surveillance devices — perhaps the most intimate surveillance devices in general. If they’re left on (as is common), they know where people travel (it’s a necessity to keep a connection to phone towers and many apps track location), who they associate with (probably who they have sex with), what they do (seeing as they’re computers that people interact with on average for hours a day), and to top it all off, they can be turned into listening devices if the phone is hacked. Adding more intrusive surveillance to this (via more ad-tracking) would be horrible news for consumer privacy, and since privacy and security are so often intertwined today, it’ll end up being bad news for consumer security somehow too.

NSA Expands Mass Surveillance to Triple Its Collection of U.S. Phone Records

Mass surveillance is damaging to privacy generally and ineffective at preventing stateless terror attacks — its main effect is to increase repressive control.

The National Security Agency (NSA) collected over 530 million phone records of Americans in 2017—that’s three times the amount the spy agency sucked up in 2016.

The figures were released Friday in an annual report from the Office of the Director of National Intelligence (ODNI).

It shows that the number of “call detail records” the agency collected from telecommunications providers during Trump’s first year in office was 534 million, compared to 151 million the year prior.

“The intelligence community’s transparency has yet to extend to explaining dramatic increases in their collection,” said Robyn Greene, policy counsel at the Open Technology Institute.

The content of the calls itself is not collected but so-called “metadata,” which, as Gizmodo notes, “is supposedly anonymous, but it can easily be used to identify an individual. The information can also be paired with other publicly available information from social media and other sources to paint a surprisingly detailed picture of a person’s life.”

The report also revealed that the agency, using its controversial Section 702 authority, increased the number of foreign targets of warrantless surveillance. It was 129,080 in 2017 compared to 106,469 in 2016.

As digital rights group EFF noted earlier this year,

Under Section 702, the NSA collects billions of communications, including those belonging to innocent Americans who are not actually targeted. These communications are then placed in databases that other intelligence and law enforcement agencies can access—for purposes unrelated to national security—without a warrant or any judicial review.

“Overall,” Jake Laperruque, senior counsel at the Project On Government Oversight, said to ZDNet, “the numbers show that the scale of warrantless surveillance is growing at a significant rate, but ODNI still won’t tell Americans how much it affects them.”

U.S. Federal Government Set to Further Expand Mass Surveillance

It’s striking that the same congressional Democrats who verbally denounce the current president as a tyrant then vote to grant the executive branch extremely unjust surveillance authority. U.S. citizens, I encourage you to call the Senate and tell them to vote no on this mass surveillance bill. The Capitol Switchboard number is (202) 804-3305.

With the Senate set to cast its first votes on a bill that reauthorizes and expands the government’s already vast warrantless spying program in a matter of hours, civil libertarians on Tuesday launched a last-ditch effort to rally opposition to the legislation and demand that lawmakers protect Americans’ constitutional right to privacy.

Fight for the Future (FTF), one of many advocacy groups pressuring lawmakers to stop the mass surveillance bill in its tracks, notes that “just 41 senators can stop” the bill from passing.

“In the age of federal misconduct, every member of Congress must move right now to stop the government’s abuse of the internet to monitor everyone; they must safeguard our freedom and the U.S. Constitution,” FTF urged.

The FISA Amendments Reauthorization Act of 2017 (S.139)—passed by the House last week with the revealing but not surprising help of 65 Democrats—would renew Section 702 of FISA, set to expire this Friday.

As The Intercept’s Glenn Greenwald notes, “numerous Senate Democrats are poised” to join their House colleagues in voting to re-up Section 702, thus violating “the privacy rights of everyone in the United States” and handing President Donald Trump and Attorney General Jeff Sessions sprawling spying powers.

The Senate’s first procedural vote on a cloture motion is expected at 5:30pm ET. If the motion is approved, the path will be clear for the bill to hit the Senate floor.

“Every member of Congress is going to have to decide whether to protect Americans’ privacy, and shield vulnerable communities from unconstitutional targeting, or to leave unconstitutional spying authority in Trump’s—and Jeff Sessions’—hands,” the advocacy group Indivisible notes.

EU Privacy Shield Standard Should be Adopted by More Countries

Online privacy isn’t as appreciated as it should be, but that may change as exponentially more devices are connected to the Internet over the next several years.

If you’re ever expecting a child, Target wants to be one of the first to know. The company has invested in research to identify pregnant customers early on, based upon their purchasing behavior. Then, it targets them with ads for baby gear.

While companies such as Target mine data about products their customers purchase from them (like prenatal vitamins) to send them personalized ads, many also rely on information gathered about us on the web — like what we search for on Google or email our friends. That lets them realize we’re planning a vacation to the Grand Canyon, for instance, and send us ads for local hotels.

Many people think that it’s an invasion of privacy for companies to gather sensitive data — such as information about our relationships and medical history — and exploit it for commercial purposes. It could also widen social divisions. For example, Facebook determines our political beliefs based upon the pages we like and preferences we list on our profiles. If algorithms peg us as conservative or liberal and we’re targeted with ads accordingly, we may end up never understanding what people of other political persuasions think. Internet activist and author Eli Pariser has argued that America is so politically polarized in part because social media sites leave us in “filter bubbles.” Targeted political advertising could have the same effect.

That’s part of the reason why, in May, a new regulation will go into effect in the European Union giving citizens the “right to object” to “processing of personal data” about them for marketing and other purposes. As Andrus Ansip, the European Commission vice president for the digital single market, tweeted, “Should I not be asked before my emails are accessed and used? Don’t you think the same?” The new law overcame serious opposition from the advertising industry, whose representatives argue that it will disrupt ad revenues needed by the media. Experts say that websites will have to provide more valuable content to users as an incentive for readers to allow them to use their data.

Here in the U.S., most ads are bought through exchanges that allow advertisers to target people based upon data about them. Companies can choose to buy ads that will be seen, for example, by women who live in a particular ZIP code and graduated from a certain school. But according to guidance established by the Digital Advertising Alliance — a consortium of industry trade associations including the American Association of Advertising Agencies, the Association of National Advertisers, and the Better Business Bureau — consumers should have “the ability to exercise choice with respect to the collection and use of data.” Two members of the alliance accept consumer complaints and do their own research to identify violations of the rule. They work with companies to help them fix problems and report violations to regulators.

While the principle behind the new EU law could justify wide-ranging new regulations and restrictions on how companies throughout the world do business, James Ryseff, a former Google engineer, says it’s likely that initially it will simply allow users to opt out of the “cookies” that track internet users as they surf the web. Although this will reduce the amount of data that tech companies can collect, it doesn’t truly allow users to opt out of targeted advertising, since businesses can still use the information they gather through other techniques — such as in-store purchases — to classify and reach customers. That’s why, Ryseff says, Americans should have more sophisticated ways to determine exactly what advertisers learn about us.

First, for example, we should be able to decide whether companies are able to gather generic data about who we are (such as our age, gender and location) or information about what we’re doing (such as researching a medical condition) — or neither, or both. “In general, I think ‘What I do’ information has a greater ability to freak people out,” Ryseff says. “Used incorrectly, it makes you feel like Google is stalking you.”

Second, Americans should get to decide where and when our data is tracked. For example, some people might be more comfortable being tracked on a search engine that knows their buying behavior and can make recommendations accordingly, but less so on personal email which can identify private facts about their lives — or work email which might contain proprietary information. (Google previously used data from the content of users’ emails to target them with ads, but pledged in June to stop the practice.) And we might want to temporarily stop allowing search engines to track our activities when we’re looking up something private, like medical symptoms.

Third, we should get to decide whether we’re willing to be targeted with ads based upon our own behaviors or people algorithms have decided are like us.

Google Collecting the Location of Android Users Even When Location Services are Disabled

Google’s latest disrespect for personal privacy follows their censorship of many left-wing media outlets. Google has cooperated too much (see the U.S. PRISM program) with various governments in providing information on innocent people in the past, and it would be unwise to always expect them to do the same in the future.

Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card?

Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

Quartz observed the data collection occur and contacted Google, which confirmed the practice.

The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

[…]

The practice is troubling for people who’d prefer they weren’t tracked, especially for those such as law-enforcement officials or victims of domestic abuse who turn off location services thinking they’re fully concealing their whereabouts. Although the data sent to Google is encrypted, it could potentially be sent to a third party if the phone had been compromised with spyware or other methods of hacking. Each phone has a unique ID number, with which the location data can be associated.

The revelation comes as Google and other internet companies are under fire from lawmakers and regulators, including for the extent to which they vacuum up data about users. Such personal data, ranging from users’ political views to their purchase histories to their locations, are foundational to the business successes of companies like Facebook and Alphabet, built on targeted advertising and personalization and together valued at over $1.2 trillion by investors.

Chilling Chinese Social Credit Blacklist

I mainly criticize the corrupt activities of the U.S. government and the corporations originating there, but I occasionally devote energy to criticizing other states if it’s significant enough. Chinese repressions such as its heavily authoritarian, state-sanctioned system of discrimination fall into that category.

Apple CEO Tim Cook looks forward to a “common future in cyberspace” with China, he told the Chinese government’s World Internet Conference earlier this month. This was an embarrassing gesture toward a state that aggressively censors the internet and envisions a dystopian future online.

The experience of lawyer Li Xiaolin may give a taste of what that future looks like. During a 2016 work trip inside China, he tried to use his national identity card to purchase a plane ticket. To his surprise, the online system rejected it, saying he had been blacklisted by China’s top court. Mr. Li checked the court’s website: His name was on a list of “untrustworthy” people for having failed to carry out a court order in 2015. He thought he had resolved the issue, but now he was stranded more than 1,200 miles from home.

Mr. Li’s dilemma was due to the Chinese government’s ambitious “social credit system.” Launched by the government in 2012, it vows to “make trustworthy people benefit everywhere and untrustworthy people restricted everywhere” by the time it is fully implemented in 2020.

This is no anodyne credit score. By rating citizens on a range of behaviors from shopping habits to online speech, the government intends to manufacture a problem-free society. Those with low scores will face obstacles in everything from getting government jobs to placing their children in desired schools. It remains unclear exactly who will run the system, whether or how one could dispute scores, or even whether the system is legal.

[…]

Chinese government authorities clearly hope to create a reality in which bureaucratic pettiness could significantly limit people’s rights. As President Xi Jinping’s power grows, and as the system approaches full implementation, more abuses will come.

Video on China’s Disturbing Surveillance State

No rational human being would ideally want to live in a society with this much mass surveillance. It presents all sorts of problems and has a major repressive effect.

Mass surveillance has never been about security either. It’s about population control. More people will realize this as time goes on.

China has been building what it calls “the world’s biggest camera surveillance network”. Across the country, 170 million CCTV cameras are already in place and an estimated 400 million new ones will be installed in the next three years.

Many of the cameras are fitted with artificial intelligence, including facial recognition technology. The BBC’s John Sudworth has been given rare access to one of the new hi-tech police control rooms.

TSA Planning to Track Americans With Facial Recognition at Airports

A more repressive society follows a more intrusive surveillance state. If people want to know what’s possible and already used with facial recognition, I encourage them to look at the horrible Chinese surveillance system that not only uses facial recognition, but also tries to read the emotions of Chinese citizens. Those surveillance measures are unnecessary and do not befit goals for freedom in a country’s general public.

The “PreCheck” program is billed as a convenient service to allow U.S. travelers to “speed through security” at airports. However, the latest proposal released by the Transportation Security Administration (TSA) reveals the Department of Homeland Security’s greater underlying plan to collect face images and iris scans on a nationwide scale. DHS’s programs will become a massive violation of privacy that could serve as a gateway to the collection of biometric data to identify and track every traveler at every airport and border crossing in the country.

From Pilot Program to National Policy

While this latest plan is limited to the more than 5 million Americans who have chosen to apply for PreCheck, it appears to be part of a broader push within the Department of Homeland Security (DHS) to expand its collection and use of biometrics throughout its sub-agencies. For example, in pilot programs in Georgia and Arizona last year, Customs and Border Protection (CBP) used face recognition to capture pictures of travelers boarding a flight out of the country and walking across a U.S. land border and compared those pictures to previously recorded photos from passports, visas, and “other DHS encounters.” In the Privacy Impact Assessments (PIAs) for those pilot programs, CBP said that, although it would collect face recognition images of all travelers, it would delete any data associated with U.S. citizens. But what began as DHS’s biometric travel screening of foreign citizens morphed, without congressional authorization, into screening of U.S. citizens, too. Now the agency plans to roll out the program to other border crossings, and it says it will retain photos of U.S. citizens and lawful permanent residents for two weeks and information about their travel for 15 years. It retains data on “non-immigrant aliens” for 75 years.

3 Billion (Instead of 1 Billion) Yahoo Accounts Were Compromised

Yahoo’s use of the MD5 hash basically means that virtually all of their user passwords were compromised. Considering that Yahoo was also found to be involved in the NSA PRISM program, people should have been using better email providers years ago. I’d personally recommend Tutanota, Protonmail, and Mailfence for email services.

Yahoo’s infamous hack — already one of the worst in history — is even worse than previously thought.

All 3 billion user accounts it had in 2013 were affected by the security breach, the company, which Verizon acquired in June, said on Tuesday. Yahoo had previously estimated the hack affected 1 billion accounts.

In its statement, the company said:

“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.”

The hacked user information included phone numbers, birth dates, security questions and answers, and “hashed,” or scrambled, passwords, Yahoo said in a list of frequently asked questions on its website. The information did not include “passwords in clear text, payment card data, or bank account information,” the company said.

However, the technique Yahoo used to hash passwords on its site is an outdated one that is widely considered to be easily compromised, so it’s possible that people who had the hashed passwords could unscramble them.

Yahoo said it was sending email notifications to account holders that it didn’t previously determine were affected by the hack.
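Why a fast hash like MD5 is the weak point, and how a service holding such hashes can harden them before users next log in, shown as an added example that is not code from Yahoo or the quoted article. The plain-MD5 legacy format, the record layout, the function names and the PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed work factor for this example; tune it to your own hardware budget.
PBKDF2_ITERATIONS = 600_000


def legacy_md5(password: str) -> str:
    """Legacy scheme, modelled here as a plain MD5 hex digest (an assumption)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def slow_hash(secret: bytes, salt: bytes) -> bytes:
    """Salted, deliberately expensive PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ITERATIONS)


def wrap_legacy_record(md5_hex: str) -> dict:
    """Harden a stored MD5 digest offline, without knowing the password."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2(md5)", "salt": salt,
            "hash": slow_hash(md5_hex.encode("ascii"), salt)}


def verify_and_upgrade(record: dict, password: str):
    """Check a login; on success move a wrapped record to plain PBKDF2.

    Returns (ok, record). The returned record is the one to store.
    """
    if record["scheme"] == "pbkdf2(md5)":
        secret = legacy_md5(password).encode("ascii")
    elif record["scheme"] == "pbkdf2":
        secret = password.encode("utf-8")
    else:
        raise ValueError("unknown scheme: %r" % record["scheme"])

    candidate = slow_hash(secret, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    if ok and record["scheme"] == "pbkdf2(md5)":
        # The cleartext is available only at login, so drop the MD5 layer now.
        salt = os.urandom(16)
        record = {"scheme": "pbkdf2", "salt": salt,
                  "hash": slow_hash(password.encode("utf-8"), salt)}
    return ok, record


def seconds_per_hash(fn, rounds: int) -> float:
    """Average wall-clock cost of one call to fn()."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many times more expensive one PBKDF2 check is than one MD5."""
    pw, salt = b"constructed-sample-password", b"\x00" * 16
    fast = seconds_per_hash(lambda: hashlib.md5(pw).digest(), 20_000)
    slow = seconds_per_hash(lambda: slow_hash(pw, salt), 1)
    return slow / fast


if __name__ == "__main__":
    # Constructed sample data: one legacy record, wrapped and then upgraded.
    stored = wrap_legacy_record(legacy_md5("constructed-sample-password"))
    ok, stored = verify_and_upgrade(stored, "constructed-sample-password")
    print(ok, stored["scheme"])
    print("PBKDF2 costs about %.0fx one MD5 per check" % cost_ratio())
```

The ratio printed at the end is the point: each password check against the slow scheme costs orders of magnitude more than one MD5, and that cost applies equally to anyone holding a stolen copy of the hashes.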

Disturbing: Amazon’s Echo Spot is a sneaky way to get a camera into your bedroom

The Amazon Echo Spot is a new level of invasiveness against consumers. Succinctly explained, it’s a new extreme in the exploitation of personal data.

Echo Spot feels like the real push to get cameras inside your smart home. It’s more than just an alarm clock, but Amazon is definitely pushing this as a $130 device that will sit next to your bed. Promotional materials show it sitting on nightstands, providing a selection of clock faces and news / weather information. The privacy concerns are obvious: an always-listening (for a keyword) microphone in your bedroom, and a camera pointing at your bed.

From an article I linked to a month ago:

Amazon is going to show the industry how to monitor more moments: by making corporate surveillance as deeply embedded in our physical environment as it is in our virtual one. Silicon Valley already earns vast sums of money from watching what we do online. Soon it’ll earn even more money from watching what we do offline.

[…]

Surveillance can transform any physical space into a data mine. And the most data-rich environment, the one that contains the densest concentration of insights into who you are, is your home.

That’s why Amazon has aggressively promoted the Echo, a small speaker that offers a Siri-like voice-activated assistant called Alexa. Alexa can tell you the weather, read you the news, make you a to-do list, and perform any number of other tasks. It is a very good listener. It faithfully records your interactions and transmits them back to Amazon for analysis. In fact, it may be listening not only to your interactions, but absolutely everything.

Putting a listening device in your living room is an excellent way for Amazon to learn more about you. Another is conducting aerial surveillance of your house. In late July, Amazon obtained a patent for drones that spy on people’s homes as they make deliveries. An example included in Amazon’s patent filing is roof repair: the drone that drops a package on your doorstep might notice your roof is falling apart, and that observation could result in a recommendation for a repair service. Amazon is still testing its delivery drones. But if and when they start flying, it’s safe to assume they’ll be scraping data from the outside of our homes as diligently as the Echo does from the inside.

It’s becoming more clear why the concerns about Big Tech are rising among more people. These companies are too powerful already, and too much concentrated power results in corrosive corruption.

U.S. Department of Homeland Security to Begin Collecting Social Media Info on All Immigrants October 18th

This widespread government collection of social media information — without individual warrants — is a measure of authoritarianism, and it may cause other countries to increase their unjust collection policies too. Once this data is collected, it could be used against vulnerable members of society to bring considerable harm to them. Other more privileged citizens are also at some risk, however, as their communications with immigrants through social media will also be collected.

The US Department of Homeland Security (DHS) is expanding the kinds of information that it collects on immigrants to include social media information and search results. The new policy, which covers immigrants who have obtained a green card and even naturalized citizens, will take effect on October 18th.

First spotted by Buzzfeed News, the announcement from the Trump regime was published in the Federal Register. The new policy will not only allow DHS to collect information about an immigrant’s Twitter, Instagram, and Facebook accounts, but it also mentions all “search results.” It’s not immediately clear if that means the agency will have access to things such as Google search histories nor is it clear how that would be obtained.

The new policy includes 12 points of expansion on what DHS is allowed to collect, but numbers 5 and 11 seem to be the most alarming in their ability to reach inside the digital lives of immigrants to the US and anyone who interacts with those immigrants.

[…]

(11) update record source categories to include publicly available information obtained from the internet, public records, public institutions, interviewees, commercial data providers, and information obtained and disclosed pursuant to information sharing agreements;

The term “information sharing agreements” isn’t defined in the policy, but it could conceivably cover both the types of surveillance agreements that the US has with countries like the UK, Canada, Australia, and New Zealand under Five Eyes, as well as the agreements that DHS has with companies like Google and internet service providers.