Category Archives: Mobile Phones

MI5 ‘secretly collected phone data’ for decade

BBC News reports:

Woman on phoneMI5 has secretly been collecting vast amounts of data about UK phone calls to search for terrorist connections.

The programme has been running for 10 years under a law described as “vague” by the government’s terror watchdog.

It emerged as Home Secretary Theresa May unveiled a draft bill governing spying on communications by the authorities.

If it becomes law, the internet activity of everyone in Britain will be held for a year by service providers.

Police and intelligence officers will then be able to see the names of sites suspected criminals have visited, without a warrant.

Mrs May told MPs the proposed powers were needed to fight crime and terrorism but civil liberties campaigners warned it represented to a “breathtaking” attack on the internet security of everyone living in the UK.


The Iran I Saw

Christopher Schroeder, author of Startup Rising, writes for Politico:

[…] This is a tale of two Irans. This is, specifically, the tale of the other Iran.

The tale we hear most often focuses on natural resources like oil as their greatest asset or nuclear power as their greatest threat—a narrative frozen in time, stretching back decades with remembered pain on both sides. For many Americans, the reference point for Iran is still centered on the hostage crisis at the U.S. embassy in Tehran over 35 years ago; for others, it has focused on Iranian support for destabilizing regional actors against our interests and costing lives.

At the same time, of course, Iranians have their own version of this tale: Many remember well U.S. support for a coup of their elected leadership, our support for a dictatorial regime and later encouragement of a war in Iraq that cost nearly a half-million Iranian lives.

Politics, power, mistrust: This is one version of how the media frames discussion of Iran. It’s very real, and it has much caution and evidence to support it.

But there’s another tale, one I saw repeatedly in my trip there last month. It was my second visit within the year, travelling with a group of senior global business executives to explore this remarkable and controversial nation.’


How we sold our souls – and more – to the internet giants

Bruce Schneier recently published an excerpt from his book Data and Goliath at the Guardian:

barbie‘[…] Surveillance is the business model of the internet for two primary reasons: people like free and people like convenient. The truth is, though, that people aren’t given much of a choice. It’s either surveillance or nothing and the surveillance is conveniently invisible so you don’t have to think about it. And it’s all possible because laws have failed to keep up with changes in business practices.

In general, privacy is something people tend to undervalue until they don’t have it anymore. Arguments such as “I have nothing to hide” are common, but aren’t really true. People living under constant surveillance quickly realise that privacy isn’t about having something to hide. It’s about individuality and personal autonomy. It’s about being able to decide who to reveal yourself to and under what terms. It’s about being free to be an individual and not having to constantly justify yourself to some overseer.

This tendency to undervalue privacy is exacerbated by companies deliberately making sure that privacy is not salient to users. When you log on to Facebook, you don’t think about how much personal information you’re revealing to the company; you chat with your friends. When you wake up in the morning, you don’t think about how you’re going to allow a bunch of companies to track you throughout the day; you just put your cell phone in your pocket.

But by accepting surveillance-based business models, we hand over even more power to the powerful. Google controls two-thirds of the US search market. Almost three-quarters of all internet users have Facebook accounts. Amazon controls about 30% of the US book market, and 70% of the ebook market. Comcast owns about 25% of the US broadband market. These companies have enormous power and control over us simply because of their economic position.’


GCHQ, intelligence officers and police given immunity from hacking laws, tribunal told

Owen Bowcott reports for The Guardian:

GCHQ staff, intelligence officers and police have been given immunity from prosecution for hacking into computers, laptops and mobile phones under legislative changes that were never fully debated by parliament, a tribunal has been told.

The unnoticed rewriting of a key clause of the Computer Misuse Act has exempted law enforcement officials from the prohibition on breaking into other people’s laptops, databases, mobile phones or digital systems. It came into force in May.

The amended clause 10, entitled somewhat misleadingly “Savings”, is designed to prevent officers from committing a crime when they remotely access computers of suspected criminals. It is not known what category of offences are covered.

The act is primarily deployed to provide legal cover for domestic investigations. It is thought that individual warrants are not being obtained to justify each inquiry. Different legislation – section 7 of the Intelligence Services Act, nicknamed the “James Bond clause” – is believed to permit activities abroad that would otherwise be illegal.’


How the NSA Converts Spoken Words Into Searchable Text

Dan Froomkin reports for The Intercept:

Most people realize that emails and other digital communications they once considered private can now become part of their permanent record.

But even as they increasingly use apps that understand what they say, most people don’t realize that the words they speak are not so private anymore, either.

Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored.

The documents show NSA analysts celebrating the development of what they called “Google for Voice” nearly a decade ago.

Though perfect transcription of natural conversation apparently remains the Intelligence Community’s “holy grail,” the Snowden documentsdescribe extensive use of keyword searching as well as computer programs designed to analyze and “extract” the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest.’


Pentagon Personnel Now Talking on ‘NSA-Proof’ Smartphones

Aliya Sternstein reports for NextGov:

The Defense Department has rolled out supersecret smartphones for work and maybe play, made by anti-government-surveillance firm Silent Circle, according to company officials.

Silent Circle, founded by a former Navy Seal and the inventor of privacy-minded PGP encryption, is known for decrying federal efforts to bug smartphones. And for its spy-resistant “blackphone.”

Apparently, troops don’t like busybodies either. As part of limited trials, U.S. military personnel are using the device, encrypted with secret code down to its hardware, to communicate “for both unclassified and classified” work, Silent Circle Chairman Mike Janke told Nextgov.’


Data and Goliath: Bruce Schneier on the Hidden Battles to Collect Your Data and Control Your World

‘Leading security and privacy researcher Bruce Schneier talks about about the golden age of surveillance and his new book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.” The book chronicles how governments and corporation have built an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency’s surveillance practices, less attention has been paid to other forms of everyday surveillance — license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining.’ (Democracy Now!)

iSpy: The CIA Campaign to Steal Apple’s Secrets

Jeremy Scahill and Josh Beglet report for The Intercept:

‘Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.

The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.

By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.’


Could GCHQ soon have access to India’s phone network?

The coming online privacy revolution

Jamie Bartlett has an extract featured from his new book, ‘Orwell vs The Terrorists’ over at Index on Censorship:

Extract from Orwell vs the Terrorists by Jamie Bartlett.Motivated by an honourable desire to protect online freedom and privacy, hundreds of computer scientists and internet specialists are working on ingenious ways of keeping online secrets, preventing censorship, and fighting against centralised control. A veritable army motivated by a desire for privacy and freedom, trying to wrestle back control for ordinary people. This is where the long-term effects will be felt.

Soon there will be a new generation of easy-to-use, auto-encryption internet services. Services such as MailPile, and Dark Mail – email services where everything is automatically encrypted. Then there’s the Blackphone – a smart phone that encrypts and hides everything you’re doing. There are dozens – hundreds, perhaps – of new bits of software and hardware like this that cover your tracks, being developed as you read this – and mainly by activists motivated not by profit, but by privacy. Within a decade or so I think they will be slick and secure, and you won’t need to be a computer specialist to work out how they work. We’ll all be using them.’


iPhone has secret software that can be remotely activated to spy on people, says Snowden

Andrew Griffin reports for The Independent:

The iPhone has secret spyware that lets governments watch users without their knowledge, according to Edward Snowden. The NSA whistleblower doesn’t use a phone because of the secret software, which Snowden’s lawyer says can be remotely activated to watch the user.

“Edward never uses an iPhone, he’s got a simple phone,” Anatoly Kucherena told Russian news agency RIA Novosti. “The iPhone has special software that can activate itself without the owner having to press a button and gather information about him, that’s why on security grounds he refused to have this phone.”


Why the modern world is bad for your brain

Daniel J. Levitin has an excerpt from his latest book, The Organized Mind: Thinking Straight in the Age of Information Overload, featured in The Guardian: 

Daniel J Levitan‘Our brains are busier than ever before. We’re assaulted with facts, pseudo facts, jibber-jabber, and rumour, all posing as information. Trying to figure out what you need to know and what you can ignore is exhausting. At the same time, we are all doing more. Thirty years ago, travel agents made our airline and rail reservations, salespeople helped us find what we were looking for in shops, and professional typists or secretaries helped busy people with their correspondence. Now we do most of those things ourselves. We are doing the jobs of 10 different people while still trying to keep up with our lives, our children and parents, our friends, our careers, our hobbies, and our favourite TV shows.

Our smartphones have become Swiss army knife–like appliances that include a dictionary, calculator, web browser, email, Game Boy, appointment calendar, voice recorder, guitar tuner, weather forecaster, GPS, texter, tweeter, Facebook updater, and flashlight. They’re more powerful and do more things than the most advanced computer at IBM corporate headquarters 30 years ago. And we use them all the time, part of a 21st-century mania for cramming everything we do into every single spare moment of downtime. We text while we’re walking across the street, catch up on email while standing in a queue – and while having lunch with friends, we surreptitiously check to see what our other friends are doing. At the kitchen counter, cosy and secure in our domicile, we write our shopping lists on smartphones while we are listening to that wonderfully informative podcast on urban beekeeping.

But there’s a fly in the ointment. Although we think we’re doing several things at once, multitasking, this is a powerful and diabolical illusion. Earl Miller, a neuroscientist at MIT and one of the world experts on divided attention, says that our brains are “not wired to multitask well… When people think they’re multitasking, they’re actually just switching from one task to another very rapidly. And every time they do, there’s a cognitive cost in doing so.” So we’re not actually keeping a lot of balls in the air like an expert juggler; we’re more like a bad amateur plate spinner, frantically switching from one task to another, ignoring the one that is not right in front of us but worried it will come crashing down any minute. Even though we think we’re getting a lot done, ironically, multitasking makes us demonstrably less efficient.’


Snooping FBI Plane ‘Sucking Up Everyone’s Cellphones’

Security Flaw Exposed In Use Of Fingerprint Passwords

FBI says search warrants not needed to use “stingrays” in public places

David Kravets reports for Arstechnica:

‘The Federal Bureau of Investigation is taking the position that court warrants are not required when deploying cell-site simulators in public places. Nicknamed “stingrays,” the devices are decoy cell towers that capture locations and identities of mobile phone users and can intercept calls and texts.

The FBI made its position known during private briefings with staff members of Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Sen. Chuck Grassley (R-Iowa). In response, the two lawmakers wrote Attorney General Eric Holder and Homeland Security chief Jeh Johnson, maintaining they were “concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests” of Americans.’


AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide

Ryan Gallagher writes for The Intercept:

map‘[…] According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance.

The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers.

Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.’


Theresa May and her worrying enthusiasm for so-called ‘not-spots’

Comedian David Mitchell wrote for The Guardian earlier this month:

Theresa May‘[…] Like Theresa May, many totalitarian governments have noticed how tricky it is to monitor millions. It’s even harder than keeping count of a flock of sheep, because not only do humans move around even more than livestock, some of them actively don’t want to be counted. Only terrorists and criminals, of course – Ms May is clearly convinced of that. So much so that she believes the undoubted convenience to customers of being able to use more than one phone network – this clear and beneficial correction to the market – should be sacrificed because it would play havoc with spies’ admin. It would make it harder to snoop on everyone.

But there are so many other things people do that make surveillance harder. We move house whenever we want, we travel wherever we like – at the drop of a hat, without telling anyone. What honest person needs to do that? Why not register our movements – submit them to a brief and streamlined vetting process – just to help the security services keep us safe? What’s the harm? Why the need for secrecy? Other than the security services’ secrecy of course – which is vital to national security and in all of our best interests. Why would anyone want to whisper unless they’d got something to hide? So let’s speak up loud and clear into our trustworthy guardians’ microphones.’


Noam Chomsky: The Other Side of Technology

Phishing Expedition: Secret US Justice Department Spy Program Tracks Cellphone Users

Elizabeth Armstrong Moore reports for Newser:

The extent to which the US government spies on US soil continues to unfold. The latest revelation: Using Cessna aircraft over at least five metropolitan-area airports, the Justice Department oversees (albeit to an unknown extent) a program that indiscriminately accesses large amounts of cellphone data, including identifying information and people’s general locations, to search for suspects. The program cuts out the middleman—cellphone companies—a process law enforcement has described as slow and inaccurate. The Justice Department has neither confirmed nor denied the program, but people close to it tell the Wall Street Journal that this type of surveillance happens on a regular basis.’


Europol warning on the risks related to the Internet of Everything

Pierluigi Paganini reported for Security Affairs last month:

IoEThe European Police Office (Europol) confirmed that difficulties to face the menaces of cybercrimes to the Internet of Everything (IoE).

The EU’s chief criminal intelligence agency made a disconcerting revelation, the threat of “online murder” is set to rise. It isn’t a science movie trailer, but the finding that cyber criminals increasingly targeting victims with internet technology that could cause injury and possible deathsby hacking critical safety equipment.

According to the European Police Office (Europol) the rapid diffusion of the paradigm of the ‘Internet of Everything’ (IoE) is stressing the dependency of human activities from a large number of devices always connected to the Internet and with significant computational capability.’


White House Aims to Replace Website Passwords With Federal Authentication Scheme

Jason Ditz reports for Antiwar:

‘The White House has announced today that a long-standing plan to roll out a federal “Internet ID” authentication scheme that would be used to log in to all websites across the Internet will move forward, and the service will launch in six to twelve months.

“We simply have to kill off the password,” insisted White House Cybersecurity Coordinator Michael Daniel. The initiative began in 2011, with an eye toward public-private plans, but seems now to be centering on wearable authentication bracelets that Americans would apparently get instead of passwords.’


Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine

Robert McMillan reports for Wired:

‘Verizon Wireless has been subtly altering the web traffic of its wireless customers for the past two years, inserting a string of about 50 letters, numbers, and characters into data flowing between these customers and the websites they visit.

The company—one the country’s largest wireless carriers, providing cell phone service for about 123 million subscribers—calls this a Unique Identifier Header, or UIDH. It’s a kind of short-term serial number that advertisers can use to identify you on the web, and it’s the lynchpin of the company’s internet advertising program. But critics say that it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.’


False White House “Emergency Alert” Hijacks TVs of AT&T Customers

Rebecca Lindstrom reports for 11 Alive:

Emergency Alert‘AT&T U-verse customers in several states woke up Friday morning to find a federal emergency alert on TV. The problem is, there was no emergency and the alert somehow hijacked their TV’s, refusing to allow them to change the channel.

Alan Sams, who has his phone and internet service bundled through AT&T says he couldn’t use the internet or his phone either.

“I’m more concerned that somebody on the inside of AT&T has the capacity to deal with shutting off my communications and controlling my communications, even if it was for a short period of time,” said Sams.’


UK police use loophole to hack phones and email

Dominic Kennedy reports for The Times:

‘Police are hacking into hundreds of people’s voicemails, text messages and emails without their knowledge, The Times has discovered.

Forces are using a loophole in surveillance laws that allows them to see stored messages without obtaining a warrant from the home secretary.

Civil liberties campaigners reacted with concern to the disclosure that police were snooping on personal messages so often, without any external monitoring and with few safeguards.

Surveillance laws protect the public from having live phone messages, texts and emails accessed by police unless a warrant is granted by the home secretary.’


FBI Director: If Apple and Google Won’t Decrypt Phones, We’ll Force Them To

Jason Koebler reports for VICE Motherboard:

‘Everyone is stoked that the latest versions of iOS and Android will (finally) encrypt all the information on your smartphone by default. Except, of course, the FBI: Today, its director spent an hour attacking the companies and the very idea of encryption, even suggesting that Congress should pass a law banning the practice of default encryption.

It’s of course no secret that James Comey and the FBI hate the prospect of “going dark,” the idea that law enforcement simply doesn’t have the technical capability to track criminals (and the average person) because of all those goddamn apps, encryption, wifi network switching, and different carriers.

It’s a problem that the FBI has been dealing with for too long (in Comey’s eyes, at least). Today, Comey went ballistic on Apple and Google’s recent decision to make everything just a little more private.’


Three of UK’s big four mobile phone networks providing customer data to police forces

James Ball reports for The Guardian:

‘Three of the UK’s four big mobile phone networks have made customers’ call records available at the click of a mouse to police forces through automated systems, a Guardian investigation has revealed.

EE, Vodafone and Three operate automated systems that hand over customer data “like a cash machine”,as one phone company employee described it.

Eric King, deputy director of Privacy International, a transparency watchdog, said: “If companies are providing communications data to law enforcement on automatic pilot, it’s as good as giving police direct access [to individual phone bills].”

O2, by contrast, is the only major phone network requiring staff to review all police information requests, the company said.’


New York Quickly Nixes Cellphone Tracking Devices in Phone Booths

Cora Currier reports for The Intercept:

Featured photo - New York Quickly Nixes Cellphone Tracking Devices in Phone Booths‘New York City quickly announced it would get rid of devices that could turn phone booths into cellphone trackers after the program was revealed this morning [Monday 6th].

A Buzzfeed investigation published today found that the city allowed 500 radio transmitters, called “beacons,” to be installed in pay phone booths, apparently thickly concentrated in lower and mid-Manhattan. A few hours later, the Mayor’s office said they would have them removed.

Though they could be woven into a location-aware advertising network, the beacons are there for maintenance notifications only and are not yet being used for commercial purposes, according to Titan, the firm that runs the advertising displays for thousands of city phone booths. There was no public announcement when the devices were installed.’


Your iPhone is now encrypted. The FBI says it’ll help kidnappers. Who do you believe?

Trevor Timm writes for The Guardian:

‘Much of the world has been enthralled by the new iPhone 6, but civil liberties advocates have been cheering, too: Along with iOS 8, Apple made some landmark privacy improvements to your devices, which Google matched with its Android platform only hours later. Your smartphone will soon be encrypted by default, and Apple or Google claim they will not be able open it for anyone – law enforcement, the FBI and possibly the NSA – even if they wanted to.

Predictably, the US government and police officials are in the midst of a misleading PR offensive to try to scare Americans into believing encrypted cellphones are somehow a bad thing, rather than a huge victory for everyone’s privacy and security in a post-Snowden era. Leading the charge is FBI director James Comey, who spoke to reporters late last week about the supposed “dangers” of giving iPhone and Android users more control over their phones. But as usual, it’s sometimes difficult to find the truth inside government statements unless you parse their language extremely carefully.’


Protesters Beware: Don’t Get Stung By Stingrays

Dina Rascor writes for

‘Stingray was one of the original surveillance devices made by the Harris Corporation and now is used as a generic term. In its active mode, a stingray device can overpower a normal cell tower transmitter by fooling your phone and up to 60,000 cell phones (and newer devices) around you into thinking it’s communicating with your cell provider at a local cell tower.

Instead, your phone is sending the signal that it sends to a local cell phone tower every seven to 15 seconds to the stingray device. The Stingray can then find out your IMSI (International Mobile Subscription Identity) and your ESN (Electronic Serial Number). Older Stingray models can use this information to find out your cell phone number which can be used to identify you, the individual. According to an article in ARS Technica, new models such as Triggerfish or software-upgraded Stingrays can actually listen in on your conversations in real time.’


FBI: New Apple, Google phones too secure, could put users ‘beyond the law’

Jacob Axelrad reports for Christian Science Monitor:

‘The FBI director James Comey has expressed concern that Apple and Google are making phones that cannot be searched by the government.

Speaking to reporters in a briefing Thursday, Mr. Comey said he is worried that such phones could place users “beyond the law,” The Wall Street Journal reported. He added that he’s been in talks with the companies “to understand what they’re thinking and why they think it makes sense.”

Major tech companies recognize the marketing potential of selling products that make consumers feel their data is as secure as can be. Both Apple and Google have made recent announcements emphasizing their new products will make it more difficult for law enforcement to extract customers’ valued data.

But Comey’s remarks raise questions of what, exactly, the government wants.’