11 May 2012

Privacy Commissioner says citizens must be aware of police surveillance tactics

Last week was Privacy Awareness Week, and my city Wellington hosted a pair of forums, one about identity, and another on privacy, bringing together world experts in privacy and New Zealand government leaders and academics. The media reported on one issue discussed: Powerful surveillance cameras read texts.

In the article, NZ's Privacy Commissioner points out that police can act based on text messages that you send (which they may read through CCTV cameras on streets and in stadiums), and that "education and awareness of surveillance tactics are crucial".

Privacy Commissioner Marie Shroff said some overseas developments were amazing and she imagined there would be concern if and when that technology was implemented in New Zealand.

Civil liberties lawyer Michael Bott warned against becoming desensitised to digital surveillance.

"It's quite worrying when we, by default, move to some sort of Orwellian 1984 where the state or Big Brother watches your every move. The road to hell is paved with good intentions and we don't realise what we are giving up when we give the state the power to monitor our private lives."

The article is short and eye-opening, and ends with a list of some of the ways your actions are recorded on a daily basis.

Old news for those of us who are aware of privacy issues, but something the Commissioner said did concern me:

Ms Shroff said that, although reading someone's text messages in public could cause concern, the legitimacy of the action depended on what it was used for.

"We need to be aware of that – that potentially texting in a public place can be caught on a CCTV camera. If the text showed the person was plotting a riot or something, then it might well be legitimate for the police to use that under the coverage of exemption for law-enforcement activities.

"But if they were to use it simply out of nosiness, that might not be exempt," she said.

There are many problems with this. Firstly, it would be impossible to tell whether police were using it "simply out of nosiness" - even if their surveillance were monitored by an independent agency, which it isn't. It could always be simply out of nosiness, and then justified when the 20,000th text message they read turns out to lead to a conviction for something. Because a warrant isn't needed in public, anything you do or say is up for grabs.

Then there is the problem of the definition of "plotting a riot". What if you're plotting a peaceful protest, or a flash mob stunt? How different would that look to plotting a "riot"? What if you're just joking with a friend? We're used to this kind of self-censorship in airports - we know not to say words like "bomb" or "terrorist" in earshot of airport employees. Now we can get in trouble if we don't censor ourselves in public too - even if we're having a private conversation. Or if we're in the privacy of our own home, having a conversation with someone who is in public.

I wonder how many people are okay with the idea of police randomly listening to or reading private conversations in the hope of finding something incriminating or dangerous. To be sure, police aren't doing that much now, but the only things stopping them are resources and the lack of better technology to make the process more automated (and to store the results). This kind of thing is happening by default, without any public discussion, and the Privacy Commissioner, along with everyone else, is powerless to do anything about it except educate people about the issue. Only then might the trend towards a surveillance state be halted.

13 December 2011

How the US censors the world's internet, and the imminent law change which would make it far worse

[Image: the ICE domain seizure notice]
In case you didn't know, for over a year US Immigration and Customs Enforcement (ICE, a unit of Homeland Security) has been censoring the internet of hundreds of websites they claim to be violating copyrights, by seizing their domain names and replacing them with the above scary seizure notice. The notice is very similar to the one used in the earlier "Protect Our Children" domain seizure operation for child porn websites. They've even started targeting foreign language websites with the recent seizure of 11 Korean movie websites - using a Korean version of the seizure notice.

Last week they backed down over a single site, dajaz1.com, a popular hip hop blog. They had mistakenly shut it down for over a year, denied all due process, and hid all the details. Despite their obvious lie that none of their seizures were being challenged, they had refused to respond to requests for basic information from dajaz1's lawyer for the entire time. Now that the domain is released, the RIAA continues to threaten dajaz1 with legal action, despite no evidence of wrongdoing, for daring to compete with their business.

This isn't just problematic for reasons of fair competition, due process, and free speech, but also for privacy: a seized domain is repointed at a government-controlled server, so the IP address and request of everyone who subsequently types in or follows a link to that domain can be logged. ICE's method is therefore also a means of internet surveillance.

Today the popular sharing website Megaupload announced it is suing Universal for taking down its content from YouTube - content that Universal has no rights to whatsoever. It is this kind of thing which causes thousands of videos to be wrongfully removed every day - YouTube's takedown policy is "shoot first, ask questions never". Usually the rightful uploader can't afford the legal fees, so it's nice to see rare instances like this where the issue gets a chance in court.

These examples from the last week are excellent demonstrations of situations which will be made far worse if US laws like SOPA and PIPA are passed. I previously blogged about PIPA, under which US citizens could get six years in jail for uploading a video of themselves singing a copyrighted song. SOPA, an even more draconian law, is being debated in the House of Representatives on Thursday. Here's an infographic summary of SOPA, and another summarizing the legal battle. SOPA could destroy the internet - and my language is not too strong.

The imminent passing of SOPA is highlighting the doublethink of the White House on internet issues that I blogged about in August, and mainstream media is beginning to catch on to the duplicity.

While Chinese users appreciate the irony of SOPA, MPAA boss Chris Dodd actually asked, "If the Chinese censor the internet without a problem, why can't the US?".

 

Update 14 December: Amendments have been introduced that water down SOPA a bit - the gist of it remains, but it's not quite as insane. It now targets only non-US sites (since US sites can already be dealt with legally) - although for the end user it's not at all obvious whether a site is foreign or not, and US sites will still be required to self-censor references to those foreign sites. Breaking the internet's DNS system is no longer required, but optional. Also,

Under the amended plan, which was released late Monday, a judge would have to order ad networks to stop doing business with a site “dedicated” to infringing activities. Under the original proposal, a rights holder could make those demands on an ad network or payment processor and effectively kill off the site.

The amendment, however, still gives legal immunity to financial institutions and ad networks that choose to boycott "rogue" sites.

And there are other reasons it's still a very bad law.

 

Update 10 January 2012:

 

12 September 2011

How you have no real privacy on the internet, thanks to ad networks

I've discovered something quite disturbing: essentially, you have no privacy when you browse the internet (let alone actively communicate with it), and you can mitigate this only by means which severely impact usability. Here's how it happens, what you can do to protect yourself, and why the onus will always be on you to do so.

 

The problem

Ad companies claim that online tracking is anonymous. It's not.

The above article by a researcher at Stanford is a great explanation of what is probably the biggest problem with browsing the internet: Your visit to almost every popular website is tracked by ad networks. This interactive infographic from the Wall Street Journal demonstrates how each visit to the 50 most popular websites in the US is tracked by up to hundreds of elements, and the case with the most popular kids websites is even worse. Here's a list of the top 100 webpage elements used to track you.

Companies often claim the data they collect is "anonymous" because they don't directly record your name or data directly identifying you. This is false - the data is more than enough to uniquely identify you (I'll explain how below). If desired, they can link that data to your "real-world" information - name, address etc - thereby generating a detailed profile of you and your history of browsing, purchasing, and other online interactions. There's a growing market for such services, called "de-anonymizing", a kind of data-mining that turns supposedly anonymous information into real identities.

This is just part of the larger issue of increasingly widespread privacy violations by private companies that have very little accountability.

Customer data is valued immensely by corporations, and you're giving it away constantly just by loading webpages. Imagine if someone read through your browser history every day. Major ad networks have the capability to do that, for the sites their scripts run on - that is, almost all the sites you're likely to visit. Do marketing companies and random websites really deserve your trust - that they won't use your data in an undesirable way, or hand it on to third parties? And if they're trustworthy for that (which is doubtful, since they have little or no accountability for how they use your data), do you also trust that they won't be hacked, or subverted by a rogue employee?

As a quick aside: Why should you care? The most common objection at this point is "only people with something to hide (ie. criminals) need privacy". A lot of people seem to really think that it's okay to criminalize privacy, and to look at someone with suspicion because they don't share all their photos with the world on Facebook. This view is very misguided, naive, hypocritical, and ultimately terrifying. This article in The Chronicle addresses it well. There is a basic human need for privacy, whether online or not, and it's not primarily about hiding bad things, but about reducing misunderstanding and abuse. The Urewera terror raids in New Zealand were an excellent, albeit extreme, example of how a lack of privacy can result in the abuse of many innocent people.

 

How the networks track you, and what you can do about it

You might think that your privacy is protected by virtue of sharing a connection (IP address) with others, or by being with an ISP that gives you a dynamic IP address (an address which sometimes changes). Firstly, there are statistical methods to separate the users behind a shared address with a known probability of correctness; more importantly, most of that protection will disappear under IPv6, where there are enough addresses for every machine to have a permanent one. (IPv6 privacy extensions, RFC 4941, randomise the host part of the address, but the network prefix still identifies your home or office connection.)

But in any case, tracking companies don't even need your IP address to uniquely identify you. They can use your browser.

Even if you block cookies and hide your IP address behind a proxy or VPN (you should be using a VPN anyway on public WiFi), you can still be uniquely identified through JavaScript in your browser, in two ways. One, websites can re-create any of their cookies that you remove or block, by keeping a copy of the identifier in other stores (local storage, the browser cache, Flash storage) and writing it back into a fresh cookie. Two, your browser provides a huge amount of information to websites: user agent, screen size, time zone, installed plugins and fonts. EFF's Panopticlick project demonstrates that this information is enough to uniquely identify you, because each attribute rules out a fraction of the population and the combination rules out everyone but you. The only proper protection is to completely disable JavaScript (and even then the request headers alone, User-Agent and Accept-Language, carry a few identifying bits), which stops most websites from displaying properly and makes some unreadable or unusable. Torbutton does all of the above and is widely considered the best way to protect your privacy online, but expect a frustrating experience: browsing is much slower and websites that depend on JavaScript fail to work properly. So in practice you can't properly protect yourself from a large proportion of websites, because they rely on JavaScript.

I use a raft of browser add-ons and custom settings to make me more difficult to track (some of which make browsing more complicated and frustrating, but they also increase security). I also use PeerBlock to block loading content from known ad-network IPs (PeerBlock is very ineffective at stopping anti-piracy detection, which is what most people use it for, but it can be a minor help in increasing privacy), and Scroogle (scraped Google) to search without being logged.

Because of the issue with leaky JavaScript, none of that is enough. And we're only talking about browsing - if you actively submit any information, privacy gets much more difficult. I'll leave that to another article.

 

The big picture

So while technical defenses may plug some of the holes, others are left wide open, and such measures are difficult, frustrating, and only usable by technically savvy people. The market will never fix itself because private information is a lemon market: consumers have no information about a company's privacy practices by which to make judgements. The only way for us to have privacy on the internet is legal protection. Companies need to disclose how they use our information and who they give it to. They need to be prevented from overriding the requests of users not to be tracked. They need to be held accountable for the abuses that happen (never mind their abysmal security, which results in huge data sets being stolen on a weekly basis).

While government privacy bodies do some great work, it's like trying to stop the tide. They have few resources, pitted against the standard operating practice of the knowledge economy: an almost complete lack of transparency or accountability around personal data usage. Companies are not going to willingly give up the lucrative benefits of pervasive data-mining, technical tricks to track users against their explicit wishes, secret sharing of data with third parties, and insecure storage (good security is expensive).

And even within governments, the privacy protectors are hopelessly outmatched. Governments are responsible for the greatest privacy abuses of all - particularly the military and police, but most departments too, because of their wide access, and especially when they share their data - and they are consistently pushing for ever more invasive ways to collate data and surveil the populace. To adopt the terminology of the Chronicle article: in some countries that data is used to capture and torture activists, promulgate opposing propaganda, or shut down dissent in other ways (Orwellian privacy abuse), but in all countries the Kafkaesque abuses of bureaucracy, mistakes, and lack of transparency represent a real problem for your privacy. Just because you haven't seen the effect yet doesn't mean there isn't a problem. In addition, digital storage means that your data is generally kept forever; the issues with this are numerous, from changes in government leadership, changes in laws (eg. data-mining to identify potential criminals), changes to the officials and consultants managing the data, and changes in society (eg. some behaviours society considers acceptable now will be shocking in the future). I'm writing more about this for an upcoming article.

Preventing the government from spying on your online activity is harder still - it's possible, but you need good technical knowledge and careful awareness of your exposure. Full hard-drive encryption is a minimum requirement, as is Torbutton, but if you don't want people or firewalls knowing you're using Tor you'll need a traffic shaper like SkypeMorph, which makes your traffic look like a Skype video call. Against governments, full hard-drive encryption isn't enough - you need deniable encryption, for instance the hidden volumes of a tool like TrueCrypt. For communication you need Off-the-Record Messaging, friend-to-friend networking, and steganography tools like OpenPuff. And of course you can't log in to websites like Google and Facebook, which provide your private data to governments via an automatic interface without requiring a search warrant - so you'll also need an alternative email provider, and alternative social networking software like Diaspora or some other distributed program (although you need to be very conscious about who you're sharing with).

I don't think there will ever be a solution to the general problem of privacy in a world with computers. You can only do your best to minimize your exposure and educate your friends.

31 July 2011

Reasons why full-body scanners shouldn't be used at security checkpoints

Customs recently trialled full-body scanners at Auckland International Airport. Here's why we need to stop them being introduced in New Zealand:

  1. The most important point: It's security theatre. It doesn't actually improve security, it only makes people feel more secure. There have been multiple instances of box-cutters, razors and even pistols getting through undetected; and in any case there are various simple and undetectable methods for carrying explosives.
  2. Safety concerns
    1. The European Commission and several others have recommended they are not used on pregnant women and children.
    2. The machines are not open to scrutiny from independent researchers, the software is closed-source.
    3. If the X-ray beam is stopped for even a second, the concentrated radiation would cause serious injury. Any use of powerful X-rays is inherently dangerous. Even medical scanners have malfunctioned and delivered significant overdoses (causing hair loss, full-body rashes and seizures [1]) despite all safety precautions; even more disturbingly, in some cases the overdoses were not detected for over a year. Normally the very small risk of malfunction, and the radiation dose (with its corresponding increased risk of cancer), is acceptable because of the very likely benefits; but in this case there is no direct benefit to the person being scanned.
  3. Privacy concerns
    1. Many people believe it is against their religion to expose themselves to a stranger.
    2. Machine specifications require the ability to store the images (despite TSA claiming the opposite).
    3. Airport employees have been caught using the nude pictures of women as pornography.


References at the Wikipedia article. Which BTW is messy and biased so as always feel free to improve it!

22 May 2011

German police seize political party servers

Yesterday police seized the servers of Germany's Pirate Party.

Apparently this is because the Pirate Party hosted a document collaboration tool (EtherPad, forerunner of the collaboration tools in Google Docs) - on one of their servers. Someone posted an SSL key in the (public) document, which was then used by the hacker group Anonymous to attack the website of the world's largest utility, French company EDF. EtherPad was only running on one of the servers but nevertheless police took all servers including their mail and other important infrastructure. This was in response to a request of the French police, and the German police were not legally required to comply. In fact Germany has some of the best privacy protections in the world, which makes it more shocking.

Rick Falkvinge, head of the Swedish Pirate Party, wrote:

Doing this to a democratic party — Germany’s sixth largest, actually — two days before an election is nothing short of a democratic sabotage. This shows why we must introduce understanding of information policy into the justice system all across Europe. A computer is not just something you can carry away; doing so has consequences. It is not a wrench, and yet the law (and police) treat it like any tool, just like a wrench.

Not terribly surprising that the website of the German police has been down since not long after the news was announced... The Pirate Party has distanced itself from the attacks.

 

Other references
