The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.
The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.
The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.
One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. Additionally, data are often collected from the tens of millions of Americans who travel abroad with their cellphones every year.
- How the NSA is tracking people right now
- Tower Dumps Could Give Your Cell Data to Police
- Secure Smartphones: Has the NSA Scandal Created a New Industry?
- Since When Are Your Phone Calls Private, Government Lawyer Asks
- Federal government urges judge not to pull plug on massive phone data collection program
This month, the United States District Court for the District of Columbia ruled that the Department of Homeland Security must make its plan to shut off the internet and cellphone communications available to the American public. You, of course, may now be thinking: What plan?! Though President Barack Obama swiftly disapproved of ousted Egyptian President Hosni Mubarak turning off the internet in his country (to quell widespread civil disobedience) in 2011, the US government has the authority to do the same sort of thing, under a plan that was devised during the George W. Bush administration. Many details of the government’s controversial “kill switch” authority have been classified, such as the conditions under which it can be implemented and how the switch can be used. But thanks to a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center (EPIC), DHS has to reveal those details by January 13—or mount an appeal. (The smart betting is on an appeal, since DHS has fought to release this information so far.) Yet here’s what we do know about the government’s “kill switch” plan
The US has been spying on German Chancellor Angela Merkel’s mobile phone since 2002, according to a report in Der Spiegel magazine.
The German publication claims to have seen secret documents from the National Security Agency which show Mrs Merkel’s number on a list dating from 2002 – before she became chancellor.
Another report says Mr Obama was told in 2010 about the surveillance.
Meanwhile Washington has seen a protest against the NSA’s spying programme.
Several thousand protesters marched to the US Capitol to demand a limit to the surveillance. Some of them held banners in support of the fugitive former contractor Edward Snowden, who revealed the extent of the NSA’s activities.
- Media reports suggest Obama knew NSA spied on Merkel (DW)
- Top German spy chiefs to go to Washington for talks (BBC)
- Israel, Not US, Likely Behind Attempt to Hack French President (Antiwar)
- Germany and France warn NSA spying fallout jeopardises fight against terror (Guardian)
- NSA spying scandal threatens to hamper US foreign policy (AP)
- Mexican ex-minister: Spied-on leaders should see intercepted material (AFP)
- Italian PM says spying by allies unacceptable (Reuters)
The Mexican village of Talea de Castro has long been ignored by Mexico’s mobile phone companies as too remote to put on their networks, but as the BBC’s Will Grant reports, they have responded by building their own.
Mexican billionaire Carlos Slim, the richest man in the world, has a lot of customers.
In Latin America, Carlos Slim’s telecommunications giant, America Movil, has around 262 million subscribers, and in Mexico alone handles more than 70% of the country’s mobile phone users.
But the residents of the tiny coffee-producing village of Talea de Castro are not among them.
For years, the locals have asked the main networks in Mexico to install a mobile phone antenna in the village.
They kept getting the same answer: it was not worth sending an engineer into the remote mountains of Oaxaca for fewer than 10,000 customers.
While much attention has focused recently on debating the role of social media in high-profile events like the Arab Spring and the war in Syria, a quieter revolution has been happening around the globe. It’s a revolution in innovation, information, and communication. And it could have big implications for the lives of people from Colombia to Egypt, Kenya to Afghanistan.
This revolution is in the way technologies are being used at the community level to mitigate causes of violence. It’s difficult to think of a single issue in the conflict-management field — election violence, interethnic hatred, land disputes, gender violence, and so on — in which there hasn’t been an effort to use digital media and technology-enabled networks to inflect the causes of conflict.
The catalyst for this quiet revolution comes down to a single reality that is both commonplace and incredible: For the first time in human history, people everywhere — including in impoverished conflict zones — have the ability to take photos, push data, publish text, and send information around the world or down the street with the click of a button. We are all social-media makers now, and the extent to which we see this at work in the peacebuilding field every day cannot be overstated. With well over 6 billion cell-phone subscriptions in the world, and over one-third of the world’s population online, we’ve seen a striking expansion in the tools that peace-builders have at their disposal. Crowd-sourcing, crisis-mapping, micro-blogging — in less than a decade, these have become essential to analysis and decision support across the entire conflict cycle, from prevention to post-conflict stabilization.
Here’s a scary moment that brings home how distracting electronic devices can be: a man pulled out a gun on a crowded San Francisco commuter train, started waving it around… And nobody noticed because they were looking at their phones.
Sadly the altercation, which took place in San Francisco on September 23, SFGate reports, left one person dead. Police allege that a man named Nikhom Thephakaysone, who has since been arrested and charged, shot and killed 20-year-old Justin Valdez on a light-rail commuter train in an apparently random attack.
Video of the event shows the man brandishing a gun openly, pulling it out several times, raising it and pointing it across the aisle and using the hand holding the weapon to wipe his nose. Although the train was full of commuters, no one seemed to notice.
- Video: I Forgot My Phone
- Social Media’s Dual-Edged Sword: Narcissism vs. Self-Esteem (Psychology Today)
- Esteem Issues Determine How People Put Their Best Facebook Forward (Science Daily)
- Device curbs Facebook use via shock to wrist (Click Colorado)
- Samsung Unveils Galaxy Gear Smartwatch (WSJ)
- Smartphones May Help Pedestrians Dodge Cars (Newser)
The world’s first fair-trade smartphone will be unveiled to the public in London this week, marking a leap forward in ethical technology. The Dutch firm behind the phone said it had worked closely with pressure groups to ensure the smartphone, called Fairphone, was the most ethically sourced product available.
Smartphone makers such as Apple and Samsung have in the past been criticised for failing to reveal that their products were made from resources mined in conflict zones and manufactured in Far East factories where labour practices have been called into question.
The new handset, with a screen size of 4.3 inches (10.9cm), half-way between the iPhone 5 and Samsung Galaxy SIII, will retail at £272, but is not available until December. Almost 15,000 have already been pre-ordered. Potential customers will be able to handle the new product at the London Design Festival on Wednesday
A number of minerals used in smartphones often come from conflict zones, such as the Democratic Republic of Congo (DRC). The three Ts – tantalum, tin and tungsten – in particular, are extracted from mines in the region and armed groups controlling them are alleged to benefit, with profits fuelling the fighting.
Fairphone’s tin and tantalum are extracted from conflict-free mines – those where profits aren’t used for the purchase of arms.
More than a million British kids get their first mobile phone by the time they’re five years old, according to new research from uSwitch.com, the independent price comparison and switching service. The average age for children to get their first mobile is 11 years and 8 months – soon after starting secondary school.
When shopping for handsets, parents will spend £246 on themselves, while they’ll only fork out an average £125 on their kids’ phones – enough to cover the cost of an entry-level smartphone like the Samsung Galaxy Ace or BlackBerry Curve 9320. However, 15% of kids under 16 have mobiles worth more than their parents’. SIM-free handsets above the £245 mark include bestselling smartphones like the Nokia Lumia 900 and the Samsung Galaxy S3 Mini.
US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.
The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.
The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.
Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.
Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.
The files, from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica.
RECENT RELATED NEWS:
- NSA encryption story, Latin American fallout and US/UK attacks on press freedoms (Glenn Greenwald)
- NSA Laughs at PCs, Prefers Hacking Routers and Switches (Wired)
- NSA Can Spy on Smart Phone Data (Spiegel)
- Obama Packs Surveillance Review Board With D.C. Insiders (New American)
- NSA act like they are at war with ordinary US citizens (RT)
- NSA Blackmailing Corporate Media?: Interview with Russ Tice (Breaking the Set)
- President Obama Says He Learns What NSA Is Doing From The Press, Then Goes To NSA For Details (Techdirt)
- Obama administration had restrictions on NSA reversed in 2011 (Washington Post)
- NSA Revelations Cast Doubt on the Entire Tech Industry (Wired)
- NSA paid millions to Internet companies to cover surveillance program costs (RT)
- Patriot Act Author Says NSA Is Abusing Spy Law (Wired)
- Snowden leaks only tip of the iceberg (DW)
- A List Of Online Encryption Tools That The NSA Has Already Foiled (NY Times)
- NSA surveillance: A guide to staying secure (Guardian)
- Secret NSA docs show wiretapping of UN (RT)
- The NSA never takes ‘no’ for an answer (Reuters)
- UK asked N.Y. Times to destroy Snowden material (Reuters)
For Americans concerned about their privacy, the NSA data grabs are daunting, but what about the data grabs happening inside your own home, perpetrated not by the government, but by your coffee machine?
Consider every appliance and every piece of home electronics that you own. Does it gather data about how you use it? Does it connect to the Internet? If so, it could be used to spy on you. Your mobile devices, your TV, and now various other types of home appliances can be wired into a network that can track you. If those networks are hacked, information about your habits and behaviors could be available to people with nefarious goals. The same technological innovation that empowers us also makes us vulnerable to those who would exploit such advances against us.
[...] The effort to start using Wireless Emergency Alerts (WEAs) began nearly 10 years ago but has been besieged by technical challenges and bureaucratic red tape.
After 9/11, the Federal Emergency Management Agency began researching ways to create a comprehensive, Internet-based system that would incorporate alerts for TV, radio, websites, automatic phone systems, social media, mobile phones and digital signs among other things. The goal is for IPAWS to also reach non-English speakers and people who are hearing-impaired.
In the wake of the failed federal response to Hurricane Katrina, former President George W. Bush ordered a sweeping technological overhaul of the nation’s warnings for natural disasters and terrorist attacks.
The Public Alert and Warning System lawmandated FEMA to modernize the antiquated broadcast-based national emergency alert system (EAS) and implement an integrated approach. Send alerts “to the American people through as many communication pathways as practicable,” Bush wrote in the 2006 order.
After years of setbacks by what a 2009 GAO report called “shifting program goals, lack of continuity in planning, staff turnover, and poorly organized program information from which to make management decisions,” the wireless alert portion of IPAWS is finally being used by the National Weather Service, the National Center for Missing & Exploited Children and a handful of state and local agencies. For example, emergency managers in New York and Massachusetts sent alerts during Superstorm Sandy and the manhunt for the Boston Marathon bombing suspects.
Most smartphones and some tablets sold in the past two years — roughly 320 million currently active devices — can now receive the location-based alerts, which are transmitted on an exclusive frequency not subject to traffic delays.
All WEA-enabled devices are automatically programmed to receive the warnings for missing children and impending danger (e.g., weather and earthquakes) unless the user adjusts the settings or asks the carrier to turn them off.
‘Smart bins‘ are bin and gone. The City of London Corporation has called for Wi-Fi-enabled, data-snaffling bins to stop recording your movements as you wander the streets.
Twelve recycling ‘pods’ with LCD screens showing adverts have been sniffing out details of your phone as you pass, and tracking your subsequent movements. But with the local authority flagging the bins to the Information Commissioner’s Office, trials of the technology have been suspended.
The bins are placed by a startup called Renew London on streets around London’s Cheapside. According to The Independent, the bins recorded details of a whopping 4,009,676 devices in the pockets of passers-by.
If your Wi-Fi is on, your MAC address and movements can be tracked by the bins. The data is captured to see which shops you visit and how long you stay there, in order to serve up targeted adverts on screens on the sides of rubbish receptacles.
There’s a funny catch-22 when it comes to privacy best practices. The very techniques that experts recommend to protect your privacy from government and commercial tracking could be at odds with the antiquated, vague Computer Fraud and Abuse Act (CFAA).
A number of researchers (including me) recently joined an amicus brief (filed by Stanford’s Center for Internet and Society in the “Weev” case), arguing how security and privacy researchers are put at risk by this law.
The crux of a CFAA violation hinges on whether or not an action allows a user to gain “access without authorization” or “exceed authorized access” to a computer. The scary part, therefore, is when these actions involve everyday behaviors like clearing cookies, changing browser reporting, using VPNs, and even protecting one’s mobile phone from being identified.
- Secure E-Mail Companies Say There’s No Such Thing Anymore (Business Week)
- How cryptography is a key weapon in the fight against empire states (Guardian)
- Meet Tor, The Military-Made Privacy Network That Counts Edward Snowden As A Fan (Huffington Post)
- Google Switches On Browser Spy Cam in Chrome (NBC)
- Google Chrome security flaw offers unrestricted password access (Guardian)
- 8 tips to enhance your online privacy (CSO)
From The Telegraph: A string of code from iOS 7 revealing ‘a fingerprint that changes colour during the setup process’ was posted online yesterday, sparking rumours that the new iPhone could contain a fingerprint sensor. If the rumours are true, the latest iPhone will be the first Apple product to feature such a sensor, which could be used for unlocking the homescreen or confirming identity for payment from the App Store or other outlets. Any sensor would likely be embedded into the physical home button. Earlier this year it was reported that a supply chain source in Taiwan said Apple had been forced to delay production of the next iPhone due to failure to find a coating material that did not interfere with the fingerprint sensor.
- Any cellphone can be traced by its digital fingerprint (New Scientist)
- Intelligent Fingerprinting gets US patent for fingerprint drug tests (Biometric Update)
The US Court of Appeals for the Fifth Circuit has ruled that historical cellphone location data is not protected by the Fourth Amendment, allowing police to access the data without a search warrant. The court, whose decisions apply in Texas, Louisiana, and Mississippi, says that such the information is “clearly a business record” that belongs to carriers, noting that “the government does not require a member of the public to own or carry a phone… the government merely comes in after the fact and asks a provider to turn over records the provider has already created.” The decision adds to a growing number of federal cases that have split sharply on the issue of warrantless tracking: last year the Sixth Circuit ruled that police do not need a warrant to track phones using GPS, while the Third Circuit ruled in 2010 that warrants are indeed required.
The Fifth Circuit ruling acknowledges that “cell phone users may reasonably want their location information to remain private,” but notes that the solution is for people to “lobby elected representatives” to instigate legislation to protect their data, or demand that carriers stop storing the records in the first place. Unless that happens (or the Supreme Court overturns this decision), police in the Fifth Circuit will be able to access cellphone location data with only a court order, rather than a narrower (and harder to obtain) search warrant.
A serious vulnerability on SIM cards used in some mobile phones has been found, exploiting the flaw an attacker could eavesdrop on phone conversations, could install malicious applications on the device or it could impersonalize handset’s owner. The discovery is very concerning, the vulnerability could compromise the security for 750 million mobile phones.
Karsten Nohl, founder of Security Research Labs in Berlin, revealed to The New York Times that he has identified a vulnerability in encryption technology used for SIM that could allow an attacker to obtain the 56-digit SIM card’s digital key necessary for the card modification.
Nohl revealed that it is possible to exploit the vulnerability in less than two minutes using a common PC.
by Jason Ditz
The Office of the Director of National Intelligence reports that the secret authorization for the NSA to collect data on Americans’ phone calls, which was set to expire today, has been renewed by the FISA court.
Of course, there’s no reason to expect the secretive FISA court to do anything less. In 2012 the FISA courts saw 1,856 “requests” to authorize government surveillance, and every single one was approved as a matter of course.
The one unusual aspect of the announcement is that it was made at all, as of course most FISA grants of new government surveillance powers remain secret. The DNI says public interest in the phone surveillance program sparked the announcement.
Which is putting it mildly. Many Americans are offended by the government collection of their private data, and the Obama Administration seeks to reaffirm the “legality” of doing so as a way to quiet the growing outrage over it.
- NSA Phone Snooping Cannot Be Challenged in Court, Feds Say (Wired)
- NJ Supreme Court Says Cops Need A Warrant To Obtain Cell Phone Location Data (Techdirt)
- The NSA Admits It Analyzes More People’s Data Than Previously Revealed (Atlantic Wire)
- NSA surveillance is completely legal, says top intel lawyer (The Hill)
- Intelligence chiefs would consider NSA data collection changes – top lawyer (Guardian)
- Republicans And Democrats Shockingly Unite Against NSA Spying (Young Turks)
- NSA chief supports tech firms disclosing more on PRISM requests (LA Times)
- NSA Recruiter Verbally Assaulted at University (Dark Government)
The decline of the PC industry continues with shipments falling 10.9pc in the second quarter compared with last year, according to Gartner. This is the fifth consecutive quarter of declines in PC shipments – the longest duration of decline in the PC market’s history.
[...] All sorts of retailers — including national chains, like Family Dollar, Cabela’s and Mothercare, a British company, and specialty stores like Benetton and Warby Parker — are testing these technologies and using them to decide on matters like changing store layouts and offering customized coupons.
But while consumers seem to have no problem with cookies, profiles and other online tools that let e-commerce sites know who they are and how they shop, some bristle at the physical version, at a time when government surveillance — of telephone calls, Internet activity and Postal Service deliveries — is front and center because of the leaks by Edward J. Snowden.
by Glenn Greenwald
The Washington Post this morning has a long profile of Gen. Keith Alexander, director the NSA, and it highlights the crux – the heart and soul – of the NSA stories, the reason Edward Snowden sacrificed his liberty to come forward, and the obvious focal point for any responsible or half-way serious journalists covering this story. It helpfully includes that crux right in the headline, in a single phrase:
What does “collect it all” mean? Exactly what it says; the Post explains how Alexander took a “collect it all” surveillance approach originally directed at Iraqis in the middle of a war, and thereafter transferred it so that it is now directed at the US domestic population as well as the global one.
- Rep. Justin Amash will try to derail NSA surveillance by targeting funds (MLive)
- FBI gets access to Telstra records (SMH)
- The Government Is Spying On ALL Americans’ Digital and Old-Fashioned Communications (Washington’s Blog)
- Secrets Exposed: How the NSA Rubber-Stamps Warrentless Spying (Common Dreams)
The new surveillance technology is the StingRay (also marketed as Triggerfish, IMSI Catcher, Cell-site Simulator or Digital Analyzer), a sophisticated, portable spy device able to track cell phone signals inside vehicles, homes and insulated buildings. StingRay trackers act as fake cell towers, allowing police investigators to pinpoint location of a targeted wireless mobile by sucking up phone data such as text messages, emails and cell-site information.
When a suspect makes a phone call, the StingRay tricks the cell into sending its signal back to the police, thus preventing the signal from traveling back to the suspect’s wireless carrier. But not only does StingRay track the targeted cell phone, it also extracts data off potentially thousands of other cell phone users in the area.
Although manufactured by a Germany and Britain-based firm, the StingRay devices are sold in the US by the Harris Corporation, an international telecommunications equipment company. It gets between $60,000 and $175,000 for each Stingray it sells to US law enforcement agencies.
[...] Indeed, tech anxiety abounds. And I take it seriously. Some people feel something is amiss in their relationships, and that technology is to blame. There’s a move, cataloged in nearly every magazine, towards seeing the offline as authentic and the online as hollow, false, unreal. This may be a false distinction, digital dualism, as Nathan Jurgenson calls it, but it’s a widespread reaction to the technologies at hand. What was once an exciting new way to make friends now feels overengineered, or — more damningly in the current climate — processed.
Processed foods were once the time-saving, awe-inducing markers of an upwardly mobile household. (Check out this ad for dextrose.) Now, among the upper middle classes, they’re a sure sign that someone does not have a firm grip on what the good life is. Processed food, Michael Pollan would tell you, is not even really food at all. And it tangles you up in huge economic webs that stretch across the globe. So while Farm Bill politics make larger-scale solutions impractical, the answer, mostly, is to eat local, organic food — prepared like Grandma would.
This logic has been extended to digital friendships. Processed relationships get scare quotes: Facebook “friends.” Processed relationships can’t be as genuine or authentic or honest as real life friendships. Processed relationships generate data for Facebook and Twitter and Google and the NSA. So the solution is to make local friends, hang out organically, and only communicate through means your Grandma would recognize. It’s so conservative it’s radical!
Over a decade ago, it was discovered that the NSA embedded backdoor access into Windows 95, and likely into virtually all other subsequent internet connected, desktop-based operating systems. However, with the passage of time, more and more people went “mobile”, and as a result the NSA had to adapt. And adapt they have: as Bloomberg reports, “The NSA is quietly writing code for Google’s Android OS.”
Is it ironic that the same “don’t be evil” Google which went to such great lengths in the aftermath of the Snowden scandal to wash its hands of snooping on its customers and even filed a request with the secretive FISA court asking permission to disclose more information about the government’s data requests, is embedding NSA code into its mobile operating system, which according to IDC runs on three-quarters of all smartphones shipped in the first quarter? Yes, yes it is.
Google spokeswoman Gina Scigliano confirms that the company has already inserted some of the NSA’s programming in Android OS. “All Android code and contributors are publicly available for review at source.android.com.” Scigliano says, declining to comment further.
by Paul Joseph Watson
It’s not just governments that are using cellphone location data to spy on citizens – banks are now getting in on the act too – with Barclays announcing changes to its customer agreement that will open the door to individuals being tracked in the name of preventing fraud.
Barclays’ new customer agreement terms (PDF) – set to come into force from October 9, 2013, will also permit the bank to collect social networking data as well as using private transaction information to bombard customers with unsolicited “services and products”.
“The information we use will include location data derived from any mobile device details you have given us. This helps us protect you from fraud,” states the document.
This suggests that phone companies in Britain must have given Barclays some kind of back door access to people’s private cellphones in order to track their precise location, whether in real time or after potential fraud has been reported.
All modern cellphones can be tracked down a location which is accurate within 50 meters. Police, governments and corporations already use such data to spy on individuals for both surveillance and data harvesting.
The changes also state that Barclays will track the behavior of its customers via social media. The bank will also retain “images of you or recordings of your voice” in addition to monitoring “transactions on your account, to increase our understanding of services and products that you may wish to use so we can send you information about them.”
Read the full list of changes below.