In Through The Out Door

    Diving Through The Information Barrage


    Here’s a real copy of an American citizen’s DHS Travel Record, retrieved from the US Customs and Border Patrol’s Automated Targeting System and obtained through a FOIA/Privacy Act request. The document reveals that the DHS is storing: the traveler’s credit card number and expiration; IP addresses used to make Web travel reservations; hotel information and itinerary; full airline itinerary including flight numbers and seat numbers; phone numbers including business, home, and cell; and every frequent flyer and hotel number associated with the traveler, even ones not used for the specific reservation.

    [From What the DHS Knows About You]

    Matt Blaze analyzes the implications of a recent Newsweek story on the Bush administration’s use of the NSA for domestic spying on communications, and questions whether the lower legal threshold for the collection of communications metadata is giving away too much to the government: ‘As electronic communication pervades more of our daily lives, transaction records — metadata — can reveal quite a bit about us, indeed often much more than a few out-of-context conversations might. Aggregated into databases with other people’s records (or perhaps everyone’s records) and analyzed by powerful software, metadata by itself can paint a remarkably detailed picture of connections, relationships, and other patterns that could never be recovered simply from listening to the conversations themselves.’


    [From Matt Blaze Examines Communications Privacy ]

    The National Applications Office is meant to coordinate the use of military spy satellites to watch the US, but the GAO warns that more privacy checks are needed. Congress has given the NAO a qualified go-ahead, barring cooperation with law enforcement… for now.


    [From New surveillance program will turn military satellites on US]

    Mobile devices equipped with positioning capabilities (e.g., GPS) can ask location-dependent queries to Location Based Services (LBS). To protect privacy, the user location must not be disclosed. Existing solutions utilize a trusted anonymizer between the users and the LBS. This approach has several drawbacks: (i) All users must trust the third party anonymizer, which is a single point of attack. (ii) A large number of cooperating, trustworthy users is needed. (iii) Privacy is guaranteed only for a single snapshot of user locations; users are not protected against correlation attacks (e.g., history of user movement).

    We propose a novel framework to support private location-dependent queries, based on the theoretical work on Private Information Retrieval (PIR). Our framework does not require a trusted third party, since privacy is achieved via cryptographic techniques. Compared to existing work, our approach achieves stronger privacy for snapshots of user locations; moreover, it is the first to provide provable privacy guarantees against correlation attacks. We use our framework to implement approximate and exact algorithms for nearest-neighbor search. We optimize query execution by employing data mining techniques, which identify redundant computations. Contrary to common belief, the experimental results suggest that PIR approaches incur reasonable overhead and are applicable in practice.

    [From Gabriel Ghinita, "Private Queries in Location Based Services: Anonymizers are not ...]

    New research could allow ISPs to selectively block or slow down your encrypted traffic even if they cannot snoop on your transmitted data. Italian researchers have found a way to categorize the type of traffic that is hidden inside an encrypted SSH session to around 90% accuracy. They are achieving this by analyzing packet sizes and inter-packet intervals instead of looking at the content itself. Challenges remain for ISPs to implement this technology, but it’s clear that encrypting your traffic inside an SSH session or VPN connection is not a solution to protect net neutrality.

    The FBI has confirmed to Popular Mechanics that it’s not only adding palm prints to its criminal records, but preparing to balloon its repository of photos, which an agency official says ‘could be the basis for our facial recognition.’ It’s all part of a new biometric software system that could store millions of iris scans within 10 years and has privacy advocates crying foul. Quoting: ‘The FBI’s Next Generation Identification (NGI) system, which could cost as much as $1 billion over its 10-year life cycle, will create an unprecedented database of biometric markers, such as facial images and iris scans. For criminal investigators, NGI could be as useful as DNA some day — a distinctive scar or a lopsided jaw line could mean the difference between a cold case and closed one. And for privacy watchdogs, it’s a dual threat — seen as a step toward a police state, and a gold mine of personal data waiting to be plundered by cyber criminals.’

    My favorite group of federal Darwin Candidates are at it again.

    A Canadian law clinic has asked the country’s Privacy Commissioner to take a closer look at the deep packet inspection being used by Bell Canada and others. While the technology also raises net neutrality concerns, in this case the issue is privacy.


    [From Deep packet inspection under assault over privacy concerns]

    Excellent article, chronicling the surveillance debate from the mid 1980s until today. Don’t expect good coverage of the current debate, however: the legality of the NSA’s recent domestic eavesdropping program, and the legality of the assistance provided by the telcos.


    “It probably won’t surprise you, but in 2005, the FBI manufactured evidence to get the power to issue National Security Letters under the PATRIOT Act. Unlike normal subpoenas, NSLs do not require probable cause and you’re never allowed to talk about having received one, leading to a lack of accountability that caused them to be widely abused. The EFF has discovered via FOIA requests that an FBI field agent was forced by superiors to return papers he got via a lawful subpoena, then demand them again via an NSL (which was rejected for being unlawful at the time), and re-file the original subpoena to get them back. This delay in a supposedly critical anti-terror investigation then became a talking point used by FBI Director Robert Mueller when the FBI wanted to justify their need for the power to issue National Security Letters.”

    [From FBI Lied To Support Need For PATRIOT Act Expansion]

    Anyone really surprised here? They continue to not amaze.


    Congress, DHS battle over domestic spy sats

    [From Brief: Congress, DHS battle over domestic spy sats]

    FBI Tried to Cover Patriot Act Abuses With Flawed, Retroactive Subpoenas

    These guys are still at it; they keep getting my vote for top listing in Darwin Candidates.


    Lawmakers let surveillance law lapse [From Brief: Lawmakers let surveillance law lapse]


    Senate passes wiretap bill, grants immunity [From Brief: Senate passes wiretap bill, grants immunity]

    A few clueless individuals lately have proclaimed that SECURITY & PRIVACY are a Zero Sum Game. Those associated with the White House, FBI, Congress, TELCOs, DHS and DNI may need to re-read some basic American Constitutional documents. Maybe there should be a special “Are You Smarter than a 5th Grader” version just for them.

    Bruce Schneier has a great blog post on Security vs. Privacy


    Boing Boing’s Gadgets editor Joel Johnson was asked to appear on The Hugh Thompson Show, an AT&T-produced program that airs on the AT&T Tech Channel. Johnson was obviously supposed to speak about gadgets, but instead used his allotted time questioning AT&T’s plans to implement piracy filters across their network, which the show’s producers apparently didn’t appreciate.

    As you can see from the video, the crew ended up scrubbing the interview about halfway through. Figuring that might happen, I asked my steely-nerved friend Richard Blakeley to tape the first take. I wanted to make sure that we had a record of the event, primarily to ensure that AT&T would have no reason to try to bury the interview entirely, the same reason I am running this clip now, while discussion about what to do with my segment in post-production is surely underway.

    In a second take gadgets are discussed, but network neutrality and AT&T’s relationship with the NSA become fodder for conversation.
    [From Will AT&T Filter Discussion Of Their Filters? - Boing Boing gadget blogger questions practice on AT&T-produced show]

    US Government challenges encryption keys ruling [From US Government challenges encryption keys ruling]

    Spychief Mike McConnell is drafting a plan to protect America’s cyberspace that will raise privacy issues and make the current debate over surveillance law look like “a walk in the park,” McConnell tells The New Yorker in the issue set to hit newsstands Monday. “This is going to be a goat rope on the Hill. My prediction is that we’re going to screw around with this until something horrendous happens.”

    Significant security flaws in the Transportation Security Administration’s traveler redress web site exposed thousands of travelers to the risk of identity theft. Alanis might call it ironic, but we call it sad and unacceptable.


    [From TSA security flaws exposed users to risk of identity theft]

    In announcing the final Real ID rules, DHS Secretary Chertoff’s message was clear: the time for democratic debate about what kind of society we want is over; it’s time for a national ID card.


    [From Chertoff on final Real ID rules: "Reconfiguring our society"]
