Types of Surveillance Technology Currently Used by ...
-
Upload
petersam67 -
Category
Technology
-
view
813 -
download
1
Transcript of Types of Surveillance Technology Currently Used by ...
Types of Surveillance Technology Currently Used
by Governments and Corporations
Jeffrey ArestyPresident, Internetbar.org
www.internetbar.orgwww.cyberspaceattorney.com
March 2006
2
Introduction
At present, users obtain various online identities (“IDs”) from E-mail ISPs URLs
IDs function on the Internet in anonymous space—an online “ID” does not actually identify the person connected with the ID
Anonymity facilitates theft, fraud, and abuse
3
Introduction
In contrast, in the works are efforts to create a new layer of identity
Focusing on the user, the new system would not require multiple online IDs, but would be characterized by a single sign-on
The system, called an “open security,” would be more secure and trustworthy, reducing theft, fraud, and abuse
4
Introduction
In part because we do not yet have security on line, governments and corporations can, and do, breach privacy with technology
Intrusions fall into two categories Cyberspace intrusions Breaches of privacy in the physical world
Increasing capacity and tendency to use technology to connect new and old technologies for surveillance
5
Real-World Technologies that Intrude on Privacy
Cameras Eavesdropping Face-Recognition and
other Biometrics “No Fly” and Similar
Watch Lists
Odor Prints Radiation Detection
Technology RFID Smart Video
Surveillance
6
Cameras
Cameras have been used for decades by governments
to monitor traffic to detect and prevent crime
by corporations to surveill private businesses to detect and prevent crime in retail establishments
7
Cameras In Britain,
more than four million closed-circuit (“CCTV”) cameras 1,800 cameras in railway stations; 6,000 in underground train
network and buses CCTV tapes used in July 2005 London bombings investigation
In US, 5,000 cameras in New York City’s transportation systems US Border Patrol uses Remote Video System (“RVS”) along
borders, costing over $64 million in FY2005
Worldwide, video surveillance software sales in 2004 were $147 million; expected to reach $642 million in 2009
8
Eavesdropping
US government has capacity and authority to monitor e-mail, telephone, pager, wireless phone, facsimile, computer, and other electronic communications and communication devices
Court order is required except in emergencies and cases of national security
In 2003, 1,442 wiretaps requested, all granted, intercepting over four million conversations
9
Eavesdropping
National Security Agency (“NSA”) uses “Echelon”—global electronic eavesdropping system Picks up telephone, e-mail, Internet upload Downloads communications transmitted by satellite,
microwave tower, cable Information sifted by supercomputers for terrorism
information Software-defined radio, a wireless technology, makes cell
phones and computers easier to bug and makes intercepting device compatible with networks
10
Face-Recognition and other Biometrics Biometric devices scan, record, and recognize
Irises Voices Facial bone structure
Improved picture quality technology enables face-recognition software to inspect 1/400th of face—size of pores
Infrared technology piggybacked onto face-recognition software enables three-dimensional “map” of face
Plans for US passports with face-recognition biometrics and RFID chips
EU requires member states to have face biometrics in passports in mid-2006
11
Face-Recognition and other Biometrics
In 2003, biometric face-recognition software resulted in over 40% false positives
$4.7 billion industry in 2009 Other biometrics:
below-skin fingerprints (capture swirling patterns of capillaries)
palm scanners that read vein patterns iris scanners gait-recognition systems (measure torso’s silhouette and
movement of shoulders and legs to determine individual signature strides)
12
“No Fly” and Similar Watch Lists
In 2005, 12 separate lists maintained by nine US governmental agencies
Confusion and lack of leadership in maintenance of lists; some lists outdated
“List bloat”—lists become unreasonably large from incentive to add names, sloppiness
Innocent individuals’ names appear
13
“No Fly” and Similar Watch Lists
Access to the lists curtailed in the name of security—nearly impossible to discover if and why a name is on the list, much less have it removed
Lists will connect with government-developed “Secure Flight”
Related: British government pressing for creation of comprehensive electronic population register
14
Odor Prints
Odor-printing technology is based on premise that each human being has distinct set of odors that could serve as an identifier
15
Radiation Detection Technology
US Customs and Border Protection (“CBP”) employs radiation-detection technologies at official entry points, including
Highly sensitive personal radiation detectors Radiation portal monitors Hand-held radiation isotope identifiers
16
Radio Frequency Identification (“RFID”)
Tiny computer chips use electromagnetic energy in the form of radio waves to track things from a distance
Nicknamed “spychips” Can travel through clothing, backpacks, briefcases,
wallets, walls, and windows without obstruction, misorientation, or detection
RFID chips read and retain biometric information, such as fingerprints and photographs
17
Radio Frequency Identification (“RFID”)
The RFID tag, in use in 2005, contains Tiny silicon computer chip with unique ID number Connected antenna
RFID tag is Thumbnail size Affixed to plastic surface Paper thin
Can be embedded into clothing label, where it is virtually undetectable
18
Radio Frequency Identification (“RFID”)
“Passive” RFID tags do not have their own internal power source, but communicate when a reader seeks a signal from them
“Active” or self-powered RFID tags have a battery attached and so can actively transmit information
RFID reader emits radio waves, seeking out RFID tags
RFID easily integrates into existing database systems
Electronic Product Code—every, single object on Earth will have its own unique ID number
19
Radio Frequency Identification (“RFID”) By 2005 embedded in some
Worker uniforms Employee and student ID badges Toll transponders Animals (pets and livestock) Warehouse crates and pallets Gasoline cards Consumer products such as diapers and shampoo Library books Toll collection systems such as EZ-Pass Keyless remote systems for cars Keyless remote systems for garage door openers
20
Radio Frequency Identification (“RFID”)
Predicted to be embedded soon in Clothing Passports ATM cards Vehicles US postage stamps Paintings Beads Nails Wires Cash
21
Radio Frequency Identification (“RFID”) “VeriChip”—glass capsule containing RFID device to be injected
into human flesh for ID and payment purposes 60 persons in US had VeriChips at end of 2005 Also, injected into deceased victims of Hurricane Katrina
RFID is predicted to be used by Retailers to price products according to customer’s purchase
history and value to store Pharmaceutical manufacturers on prescription medications Banks to identify and profile customers who enter premises Governments to
electronically frisk citizens at invisible checkpoints track citizens in airports and border-crossing points track mail sent from point to point through embedded postage stamps track library materials
22
Smart Video Surveillance
Video surveillance combined with behavior-recognition software
Uses computer to “Learn” what “normal” behavior is Identify unusual activity, such as shifting in one’s
seat on a bus Work in conjunction with other technology such as
facial-recognition systems
23
Privacy Intrusions in Cyberspace
Clickstream Data Analysis Cookies Man-in-the-Middle Attacks Pharming Phishing Spyware Voice Over Internet Protocols (VoIPs) Web Bugs
24
Clickstream Data Analysis
Logs of transactions recently performed on Internet computers, such as Addresses of computers that have made requests Date and time How computer’s services were used Which page was visited prior to entrance into Website How Website was exited
Internet logs also called “Clickstreams” Can be used to prepare statistics about paths taken
and not taken by Internet users
25
Cookies
Small file placed and stored on user’s computer by remote computer
Used to track information about how user moved about Website Which choices made Which links clicked
User visits same Website again and cookie, now written onto user’s computer, provides information about user’s last visit
Cookies can be used to build user profiles Internet sites share cookie information with others
26
Man-in-the-Middle Attacks
Computer security breach in which hacker intercepts, reads, and alters data traveling along network between two Websites
Also called “TCP hijacking”
27
Pharming
Hacker’s redirection of Internet traffic from one Website to another
Second Website appears identical to legitimate site
User is tricked into entering user name and password into fake site
“DNS poisoning” or “DNS cache poisoning” used to reroute user
Domain name system’s servers corrupted
28
Phishing Internet user receives e-mail appearing to be legitimate
and from reputable company, asking user to reply with updated credit card information
Clicking on link sends user to fake Website, where user provides Credit card information Date of birth Address Site password Social Security number
Also called “brand spoofing” “Puddle phishing” is phishing specifically targeting a
small company, such as community bank
29
Spyware
Software that sends data about user when computer is connected to the Internet
30
Voice Over Internet Protocols (VoIPs)
Method for speaking through computer by phone or microphone Analog voice signal converts to digital format Broadband networks transmit calls in Internet
Protocol (“IP”) packets Also called Internet telephony VoIP vulnerable to eavesdropping
A free Internet program captures and converts transmissions to audio files
31
Voice Over Internet Protocols (VoIPs)
Is VoIP a communications service or information service?
In 2005, FCC adopted rules requiring VoIP providers to allow law enforcement to tap into Internet phone calls
FBI has authority and ability to conduct surveillance of broadband users pursuant to court order
32
Web Bugs
Tiny, invisible image or graphic embedded into HTML-formatted Website or e-mail message to track users’ activities
Web bugs present as HTML IMG tags Provide Website owner with information about hits,
including IP address of user’s computer Type of browser used Time of the hit Previously set cookies
Also called “HTML bugs” or “clear GIFs”
33
Connectors of Information Automated Targeting System Automatic Number Plate Recognition System CALEA Petition for Rulemaking Data Mining ID Cards Integrated Automated Fingerprint Identification System Multistate Anti-Terrorism Information Exchange “Secure Flight” and other Targeting Systems Sharing/Databases Terrorist Screening Database of the Terrorist Screening Center Total Information Awareness US-VISIT
34
Automated Targeting System (“ATS”)
US Customs and Border Protection technology collects and analyzes cargo shipping data
Distinguishes and identifies high-risk shipments
35
Automatic Number Plate Recognition System (“ANPR”)
Britain’s national database Each camera on a pole or in police van is
supported by a computer Allows for automatic tracking Information obtained by camera immediately
cross-referenced with database In 2006, information could be stored for two
years; projected to be able to store for five years
36
CALEA Petition for Rulemaking
In August 2005, FCC ruled that Internet broadband access providers and certain VoIP service providers must design networks to be wiretap-friendly pursuant to Communications Assistance for Law Enforcement Act (CALEA) of 1994
37
Data Mining
Computer systems that search numerous databases for correlations between data
Currently used by corporations to determine consumer preferences
38
ID Cards
Biometric ID cards to be issued starting in 2008 to voluntary participants in Britain would become compulsory in 2013
Cards contain Name Gender Date and place of birth Current and previous addresses Immigration status Chip containing
Digital photo Fingerprints Iris scans
39
Integrated Automated Fingerprint Identification System (“IAFIS”)
System electronically compares live-scanned fingerprint with database of previously captured fingerprints
40
Multistate Anti-Terrorism Information Exchange (“MATRIX”)
Integration of factual, disparate data from existing sources to Web-enabled storage systems to identify and combat criminal activity
Includes Aircraft and other property ownership records Bankruptcy filings Corporate filings Criminal history records Digital photographs Driver’s and pilot’s licenses State professional licenses State sexual offenders lists Terrorism watch lists UCC filings Vehicle registrations
41
“Secure Flight” and other Targeting Systems
Secure Flight passenger-screening program Computer-assisted passenger screening system that
searches databases, matches passenger against FBI consolidated watch list, and rates passenger with a “threat level” in red, yellow, or green
Based on tagging, passengers could be scrutinized, interrogated, or detained
Might incorporate behavioral profiling Goal is to link in real time to video images—automatic link
between video of terrorist suspect and watch list Not yet approved in mid-2005
42
“Secure Flight” and other Targeting Systems Border Patrol Targeting Systems Enhancement
Over $20 million budgeted in US Department of Homeland Security in 2005
Seeks to develop and refine automated target recognition systems using latest sensor technology
Semantic Information Fusion Seeks to correlate disparate data about human targets, including
Location Identity Behavior
Creates composite description of a particular situation Uses linguistic information and physics-based models of access,
mobility, and visibility to reconstruct past and infer current events
43
Sharing/Databases
Governments increasingly share citizens’ personal information with each other and with the private sector
“Data . . . are tributaries flowing into one giant river of databases.” Lee Tien, Electronic Frontier Foundation (Aug. 8, 2005)
44
Terrorist Screening Database (“TSDB”) of the Terrorist Screening Center (“TSC”)
Aggregates numerous government watch-lists In 2005, TSDB had over 200,000 names, ranging
from known terrorists to persons suspected of having some ties to terrorism
Each name receives one of 28 codes, describing person’s connection to terrorism
Names are categorized according to the actions users should take when encountering someone on list
45
Total Information Awareness (“TIA”)
Computer surveillance system proposed by Department of Defense
Would have used data mining and networking to connect sources of information including Credit card purchases Bank transactions E-mail
Shut down by Congress in 2003
46
US-VISIT
Project of US Department of Homeland Security to develop biometric-enabled system for collecting, maintaining, and exchanging information on foreign nationals
$340 million budgeted for FY2005
47
Conclusion
Government and corporations are using many technologies for surveillance, invading privacy in cyberspace and in the real world
Do citizens and consumers care? What can we do to protect our privacy and to
manage our digital identities and digital reputations?
48
For more information
Contact Jeffrey Aresty, President, Internetbar.org, [email protected]
Articles on privacy-invading technologies and public attitudes toward privacy invasions are available now
Article on digital identity will be available soon