On Q Professional Investigations

Another day another issue with an Apple product. Sigh. Except maybe you should hold off on that sigh, because this one’s serious. Apple has, once again, been caught tracking iPhone users.

In April 2011, analysts at a UK security conference discovered that iPhones and iPads running iOS4 had been secretly tracking their users’ every movement. Apple then denied that it was tracking users, although it did so without directly addressing the evidence brought forward by the security company.

Now it has emerged that Apple has started tracking iOS6 users so it can target them through a new tracking technology called IFA or IDfA.

The technology has, in fact, been around since June. Mobile app engagement specialist Apsalar calls it “great news for the mobile app advertising industry” and a “better alternative to the UDID”. A UDID, is the unique, indestructible serial number that every iOS number comes with. It’s also what developers were using to track people — and what Apple stopped them using in the wake of the last tracking scandal.

IFA is definitely in iOS6 — in fact that Apsalar blog post we linked to earlier mentions the fact that it’s sanctioned by Apple as one of the pros of IFA — but, as Business Insider notes, it’s definitely not listed among the features on the iOS6 page.

IFA stands for Identifier for Advertising and is sort of like a persistent cookie which works across apps and publishers. According to Business

Insider, it triggers as soon as you enter a site on your browser or use an app. The IFA is passed on to an ad server. The advertiser now knows what site you’re looking at and can send you a targeted ad.

It also allows advertisers to track you all the way to “conversion”, in the form of an app download for instance. That’s big news for advertisers and gives them a much more serious measure of their success than they could otherwise hope for. What it won’t do however is track you as an individual person. Your device is just part of a series of aggregate data points.

While tracking is turned on by default, it is at least possible to turn it off in iOS 6, although not necessarily easy.

To turn off tracking, go to the settings menu. Look under “General”, then go to “About” and then “Advertising”. Look for “Limit Ad Tracking” and turn switch it to On. It might seem a little counter intuitive but it makes sense when you think about it. You have to turn the limiter on to turn the ads off. Simple.

Given the large number of steps and the fact that Apple hasn’t exactly been shouting from the rooftops about the new technology, it’s likely that most iOS 6 users will end up being tracked.

“It’s a really pretty elegant, simple solution,” Mobile Theory CEO Scott Swanson told Business Insider. “The biggest thing we’re excited about is that it’s on by default, so we expect most people will leave it on.”

At this point, the Fandroids are probably leaning back with smug smiles on their faces. Woah there cowboy (or girl). You Android device also tracks you according GPS location, Wi-Fi hotspots the phone has encountered, and the device ID.

That said, it’s always given you the option to opt out.

View Source

Lo-Jack for students?

That’s what a large Houston, Texas school district has tested in two of its schools this year and will make mandatory for all students in the coming weeks. The reason? Well, school officials say due to overcrowding they need to keep track of the whereabouts of students for safety reasons.

So how does this work? There would be a small microchip embedded into a card, which students would wear on a lanyard around their neck during school hours. The card emits a radio frequency picked up by scanners positioned throughout the school. This program isn’t void of protesting parents and students that feel it impedes on their constitutional rights. However, those parents may be in for a shock when they realize that the U.S. Supreme Court has ruled in the past that some freedoms enjoyed by those outside of school are restricted when a student is in school, mostly for the safety of the student body.

Should a school be allowed to put GPS tracking devices on its students? It certainly sounds like an invasion of privacy and the ACLU, of course, is weighing in on the issue. This Texas school and all schools for that matter have a responsibility to keep our children safe. Supporters have argued that many schools are overcrowded and a lot of shenanigans can happen, such as fights, kids skipping school and even abductions. A device such as this could help to solve student issues and perhaps save a life.

I think it’s a mistake to create a card that acts as the main identifying mark of student. The role of administrators is to operate the school safely and teach our youth. However, with such high salaries of superintendents, they might want to consider alternative concepts, such as taking a pay cut and hiring a few more security personnel to secure the premises rather than eliminate a person’s identity.

But hey, it’s only my opinion. What do you think?

Is Big Brother watching you?

View Source

The traditional approach to video surveillance is to blanket a property with low-res VGA cameras to catch suspicious activities from any angle. But with Avigilon’s 29-megapixel JPEG2000 HD Pro, you can slap a wide angle Canon lens on the end and cover an entire parking lot in one fell swoop.

It might border on overkill, but there are good reasons for using a high-resolution security camera that can accept EF mount lenses. Besides ensuring images aren’t going to be obfuscated by a cheap lens, there’s sufficient detail to make out faces and even licence plate numbers from a fair distance. And a fast expensive lens can considerably boost a camera’s low-light performance. Although, you’d want to keep the f-stop in check to avoid a useless shallow depth of field.

Avigilon claims the camera provides the same amount of coverage as over 95 VGA resolution cameras, but that’s assuming they’d all be pointed in the same general area. It’s also limited to a frame rate of just two shots per second, but that’s a fair trade-off if it yields a clear shot of a perp that leads to an arrest.

View Source

Google has launched a new effort to warn its users that they could be the victims of cyberattacks from hostile governments.

Account-holders working in international relations, development and other sensitive areas have received messages from the search giant informing them of recent efforts to spy on their online history.

The move comes after the company started detecting ‘tens of thousands’ of new hacking attacks originating in the Middle East.

Google is a tempting target for hackers, as it is not focussed solely on search but also offers its users services such as email, mapping and Chrome, one of the most popular web browsers.

This week, according to the New York Times, users thought to have been targeted saw a message attached to their accounts saying, ‘Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.’

Read More

Just as the U.S. Department of Agriculture mandates Radio Frequency Identification Device chips to monitor livestock, a Texas school district just begun implanting the devices on student identification cards to monitor pupils’ movements on campus, and to track them as they come and go from school.

Tagging school children with RFID chips is uncommon, but not new. A federally funded preschool in Richmond, California, began embedding RFID chips in students’ clothing in 2010. And an elementary school outside of Sacramento, California, scrubbed a plan in 2005 amid a parental uproar. And a Houston, Texas, school district began using the chips to monitor students on 13 campuses in 2004.

It was only a matter of time. Radio frequency identification devices are a daily part of the electronic age, and are fast becoming a part of passports, libraries and payment cards, and are widely expected to replace bar-code labels on consumer goods.

And it appears that the educational move to Big Brother-style monitoring is motivated mainly by money, despite privacy and health concerns.

Two schools at the Northside Independent School District in San Antonio began issuing the RFID-chip-laden student-body cards when classes began last Monday. Like most state-financed schools, their budgets are tied to average daily attendance. If a student is not in his seat during morning roll call, the district doesn’t receive daily funding for that pupil, because the school has no way of knowing for sure if the student is there.

But with the RFID tracking, students not at their desk but tracked on campus are counted as being in school that day, and the district receives its daily allotment for that student.

“What we have found, they are there, they’re in the building and not in their chairs. They are in the cafeteria, with counselors, in stairwells or a variety of places, some legitimately and some not,” district spokesman Pascual Gonzalez said in a telephone interview. “If they are on campus, we can legally count them present.”

The Spring Independent School District in Houston echoed the same theory when it announced results of its program in 2010. “RFID readers situated throughout each campus are used to identify where students are located in the building, which can be used to verify the student’s attendance for ADA funding and course credit purposes,” the district said.

But privacy groups are wary.

“We don’t think kids in schools should be treated like cattle,” Marc Rotenberg, the executive director of the Electronic Privacy Information Center, said in a telephone interview. “We generally don’t like it. My take on RFID is it’s fine for products, but not so much for people. That’s one of the places where the lines need to be drawn. ”

But there appears to be dozens of companies who see no need to draw such a line and offer their RFID wares to monitor students in what is still a tiny but growing market. Among the biggest companies in the market: AT&T.

“One day soon, home room teachers in your local middle and high schools may stop scanning rows of desks and making each student yell out ‘Here!’ during a morning roll call. Instead, small cards, or tags, carried by each student will transmit a unique serial number via radio signal to an electronic reader near the school door,” AT&T says in its RFID-student advertising materials.

Gonzalez said there has been minimal parental and student opposition to the program at John Jay High School and Anson Jones Middle School. The pilot project could expand to the Northside Independent School District’s 110 other schools, he said.
As for privacy, the system only monitors a student’s movements on campus. Once a student leaves campus, the chips no longer communicate with the district’s sensors.
He said the chips, which are not encrypted and chronicle students only by a serial number, also assist school officials to pinpoint where kids are at any given time, which he says is good for safety reasons. “With this RFID, we know exactly where the kid is within the school,” he said noting students are required to wear the ID on a lanyard at all times on campus.

The lack of encryption makes it not technically difficult to clone a card to impersonate a fellow student or to create a substitute card to play hooky, and makes the cards readable by anyone who wanted to install their own RFID reader, though all they would get is a serial number that’s correlated with the student’s ID number in a school database.

EPIC’s Rotenberg was among about two dozen health and privacy advocates who signed an August position paper blasting the use of RFID chips in schools.

The paper, which included signatures from the American Civil Liberties Union, Electronic Frontier Foundation and, among others, Big Brother Watch, said the RFID systems may have “potential” (.pdf) health risks, too.

“RFID systems emit electromagnetic radiation, and there are lingering questions about whether human health might be affected in environments where the reading devices are pervasive,” the paper said. “This concern and the dehumanizing effects of ubiquitous surveillance may place additional stress on students, parents, and teachers.”

Gonzalez said John Jay High has 200 surveillance cameras and Anson Jones Middle School, about 90.

“The kids,” he said, “are used to being monitored.”

View Source

It’s a bit of a wonder that communism hasn’t fallen to its knees, screaming, “You win!” at Nike. Since 2006, the company has implanted tracking sensors into its line of Nike+ sneakers, a practice you would think certainly has political implications. A couple of weeks ago, the Hyperdunk (basketball) and Lunar (training) both received the Nike+ treatment with an updated “pressure sensor,” becoming the Hyperdunk+ and Lunar TR1+ respectively with glow-in-the-dark details. Both shoes boast sensors embedded in the “corners” of the sole and a processor in the middle that uploads all its information wirelessly to an app in your phone. This information includes how fast you’re going, your reps, and how high you’re jumping. It also calibrates your capacity for greatness based on ability and comparative effort. In other words, it knows how hard you’re trying. Drop a thousand crates of them on North Korea and it’s curtains for their labor camps.

On one hand, it’s a little scary: these shoes are kind of spying on you. Especially since the app also encourages you to upload showoff videos, and compete against others. Embed a GPS in these sneakers and suddenly you have a device that effectively puts you in jail while making you feel like you’re free. We don’t really know where all this information is going, do we? But whatever, honestly, that dark paranoia melted away after I put them on. I am used to wearing heels every day. It was extremely foreign to me to buckle down and purchase flat sandals this summer, so to wear actual sneakers is like an epiphany for my feet. These shoes were incredible (and disclaimer: no one at VICE or at Nike harassed me to write about the experience, by the way, which is extremely rare)—light, springy, insanely comfortable, and somehow exciting. They felt like I was wearing a space-age fish. I have no idea what that actually means, as up until this point I had been legitimately terrified of fish. Yes, somehow this sneaker not only lazered through my conspiracy fantasies, it also cured a phobia. Powerful.

Read more

How secure are your Internet communications and phone calls? How private are your travels with a cellphone in your pocket or purse?

“Privacy is dead” earned the status of an Internet meme long before Facebook and other social media showed how willingly some of us would sacrifice our personal information for connection, celebrity, or even just the lure of free stuff.

But commercial intrusions such as ads based on our Web surfing aren’t the only risks we face in the age of the Internet, cellphones, and ubiquitous electronics. Or even the most important ones.

Just this week, U.S. Rep. Ed Markey (D., Mass.) announced that U.S. wireless carriers had received more than 1.3 million demands last year for subscriber data — including subpoenas or orders seeking text messages or subscribers’ whereabouts — from federal, state and local law enforcement agencies. Verizon, the largest carrier, told Markey that such requests were rising about 15 percent a year.

Nothing to worry about for the law abiding, right? But abroad, some such requests come from authoritarian regimes — and our own hands may not be totally clean. As a new Pew Internet study on the role of technology companies noted last week, Bloomberg recently reported that Western companies had provided surveillance systems to governments such as Iran and Syria with abysmal human-rights records.

Especially since the 9/11 attacks, U.S. officials and the high-tech community have struggled for a balance between two undeniable concerns: our common interest in security and law enforcement vs. our individual interests in privacy and autonomy — what Justice Louis Brandeis famously called “the right to be let alone.”

Later this month, the Senate is likely to begin debate on the latest focus of that struggle: the proposed Cybersecurity Act of 2012, sponsored by Sen. Joe Lieberman, the Connecticut independent.

Lieberman’s bill is narrower than Sen. John McCain’s competing proposal, the Secure IT Act, according to Greg Nojeim, who follows the debate closely as senior counsel at the Center for Democracy and Technology, an advocacy group.

Nojeim said both bills share the same goal — and an aim he shares, as well: helping those who run the nation’s information networks and critical infrastructure avoid cyberattacks. But Nojeim worries that in the quest for an impossible goal — perfect security — we risk tipping the balance too far toward what he calls a “surveillance state.” He says both proposals allow too much personal information to be shared and “used for reasons unrelated to cybersecurity.”

Matt Blaze, a University of Pennsylvania computer scientist, shares Nojeim’s concern that we might be missing that elusive balance.

As a researcher in cryptography and computer security, Blaze spends much of his time trying to improve network security. Last year, he drew national attention — and aided law enforcement — when he identified a major security flaw in radio systems used by federal agents to communicate.

But Blaze also worries about the unintended consequences of too much data collected and stored in systems that are inherently insecure — a result, he says, not of anyone’s design, but simply of the way technology has progressed.

Ironically, some efforts to fight crime electronically may have made crime easier. One example occurred in Greece, after officials pushed to install wiretapping interfaces in new phone networks.

“Someone discovered a few years ago that one of the main cellphone networks in Athens had been thoroughly compromised by somebody,” Blaze says. “They never solved it — they never figured out who. But somebody was using the interface to tap about 100 top officials, including U.S. embassy officials.”

It’s also hard for laws to keep up with technology. For instance, the Electronic Communications Privacy Act protects the privacy of e-mail for 180 days — plenty long when the law was enacted in 1986 but inadequate today.

“Storage was expensive, and no providers saved it that long,” Nojeim says. “Now they can and do save it for years, and users expect them to.” Yet when Internet companies and groups such as CDT pushed last year to lengthen the protection, Congress balked.

Blaze says that every time new technology is introduced, law enforcement worries that it will be outgunned — that their “surveillance systems are going dark.”

But he says a fairer reading of recent history, and the explosion of new technologies with inherent insecurities, shows that the eavesdroppers are way ahead — whether they’re good guys or bad guys.

“Thirty years ago, if I wanted to bug your phone I might have attached alligator clips or installed a microphone,” he says. “Today, I can do that with a software virus.”

Above all, Blaze warns against the trap of believing “there’s a stark, zero-sum trade-off between privacy and security.” It’s a more complex calculus, and a constant challenge to policymakers as well as technologists.

But this much is clear: “Once data is collected,” he says, “it will be used in ways you didn’t expect.”

Read more

It’s been several years since the rumors and sightings of insect sized micro drones started popping up around the world.

Vanessa Alarcon was a college student when she attended a 2007 anti-war protest in Washington, D.C. and heard someone shout, “Oh my God, look at those.”

“I look up and I’m like, ‘What the hell is that?’” she told The Washington Post. “They looked like dragonflies or little helicopters. But I mean, those are not insects,” she continued.

A lawyer there at the time confirmed they looked like dragonflies, but that they “definitely weren’t insects”.

And he’s probably right.

In 2006 Flight International reported that the CIA had been developing micro UAVs as far back as the 1970s and had a mock-up in its Langley headquarters since 2003.

While we can go on listing roachbots, swarming nano drones, and synchronized MIT robots — private trader and former software engineer Alan Lovejoy points out that the future of nano drones could become even more unsettling.

Lovejoy found this CGI mock up of a mosquito drone equipped with the ‘ability’ to take DNA samples or possible inject objects beneath the skin.

According to Lovejoy:

Such a device could be controlled from a great distance and is equipped with a camera, microphone. It could land on you and then use its needle to take a DNA sample with the pain of a mosquito bite. Or it could inject a micro RFID tracking device under your skin.

It could land on you and stay, so that you take it with you into your home. Or it could fly into a building through a window. There are well-funded research projects working on such devices with such capabilities.

He offers some good links though his Google+ page and Ms. Smith at Network World offers up even more.

Read more

In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information last year from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations.

The cellphone carriers’ reports, which come in response to a Congressional inquiry, document an explosion in cellphone surveillance in the last five years, with the companies turning over records thousands of times a day in response to police emergencies, court orders, law enforcement subpoenas and other requests.

The reports also reveal a sometimes uneasy partnership with law enforcement agencies, with the carriers frequently rejecting demands that they considered legally questionable or unjustified. At least one carrier even referred some inappropriate requests to the F.B.I.

The information represents the first time data have been collected nationally on the frequency of cell surveillance by law enforcement. The volume of the requests reported by the carriers — which most likely involve several million subscribers — surprised even some officials who have closely followed the growth of cell surveillance.

“I never expected it to be this massive,” said Representative Edward J. Markey, a Massachusetts Democrat who requested the reports from nine carriers, including AT&T, Sprint, T-Mobile and Verizon, in response to an article in April in The New York Times on law enforcement’s expanded use of cell tracking. Mr. Markey, who is the co-chairman of the Bipartisan Congressional Privacy Caucus, made the carriers’ responses available to The Times.

While the cell companies did not break down the types of law enforcement agencies collecting the data, they made clear that the widened cell surveillance cut across all levels of government — from run-of-the-mill street crimes handled by local police departments to financial crimes and intelligence investigations at the state and federal levels.

AT&T alone now responds to an average of more than 700 requests a day, with about 230 of them regarded as emergencies that do not require the normal court orders and subpoena. That is roughly triple the number it fielded in 2007, the company said. Law enforcement requests of all kinds have been rising among the other carriers as well, with annual increases of between 12 percent and 16 percent in the last five years. Sprint, which did not break down its figures in as much detail as other carriers, led all companies last year in reporting what amounted to at least 1,500 data requests on average a day.

With the rapid expansion of cell surveillance have come rising concerns — including among carriers — about what legal safeguards are in place to balance law enforcement agencies’ needs for quick data against the privacy rights of consumers.

Legal conflicts between those competing needs have flared before, but usually on national security matters. In 2006, phone companies that cooperated in the Bush administration’s secret program of eavesdropping on suspicious international communications without court warrants were sued, and ultimately were given immunity by Congress with the backing of the courts. The next year, the F.B.I. was widely criticized for improperly using emergency letters to the phone companies to gather records on thousands of phone numbers in counterterrorism investigations that did not involve emergencies.

Under federal law, the carriers said they generally required a search warrant, a court order or a formal subpoena to release information about a subscriber. But in cases that law enforcement officials deem an emergency, a less formal request is often enough. Moreover, rapid technological changes in cellphones have blurred the lines on what is legally required to get data — particularly the use of GPS systems to identify the location of phones.

As cell surveillance becomes a seemingly routine part of police work, Mr. Markey said in an interview that he worried that “digital dragnets” threatened to compromise the privacy of many customers. “There’s a real danger we’ve already crossed the line,” he said.

With the rising prevalence of cellphones, officials at all levels of law enforcement say cell tracking represents a powerful tool to find suspects, follow leads, identify associates and cull information on a wide range of crimes.

“At every crime scene, there’s some type of mobile device,” said Peter Modafferi, chief of detectives for the Rockland County district attorney’s office in New York, who also works on investigative policies and operations with the International Association of Chiefs of Police. The need for the police to exploit that technology “has grown tremendously, and it’s absolutely vital,” he said in an interview.

The surging use of cell surveillance was also reflected in the bills the wireless carriers reported sending to law enforcement agencies to cover their costs in some of the tracking operations. AT&T, for one, said it collected $8.3 million last year compared with $2.8 million in 2007, and other carriers reported similar increases in billings.

Read more

US Justice Department prosecutors pleaded with a federal appeals court to allow the placement of GPS tracking devices on the vehicles of suspected criminals without first obtaining a search warrant.

This argument goes against the Supreme Court ruling in the Jones case back in January which we have reported on extensively here at RMT, and asks the court to reconsider their decision. The ruling makes the practice of placing a tracking device without obtaining a warrant illegal, as it violates an individual’s Constitutional rights.

The Ninth Circuit Court of Appeals is hearing the arguments, and the Obama Administration claims that the Jones ruling was not specific enough. Basically, because it did not make clear the need to obtain a warrant in each and every situation, a loophole was left wide open which actually allows GPS tracking despite the court’s intentions.

The brief submitted to the court argues that “requiring a warrant and probable cause would seriously impede the government’s ability to investigate drug trafficking, terrorism and other crimes,” according to the Wall Street Journal. The brief also argues that the tracking of a person’s movements using a GPS device is only a “limited intrusion” on one’s privacy.

In US v. Jones, the Supreme Court unanimously ruled that the use of GPS tracking devices on the vehicles of suspected criminals without a valid warrant violated the Fourth Amendment, more specifically unreasonable search and seizure. Those who advocate for privacy hoped that this decision would have set the precedent for cases dealing with warrantless tracking for all kinds of electronic surveillance devices besides GPS devices.

Currently, law enforcement is able to access digital records such as emails and cellphone location data without obtaining a warrant. However, searches within schools and at border crossing locations have been deemed exempt from the warrant requirement.

View Source