Facial Recognition Software Prompts Privacy, Racism Concerns in Cities and States

Fabian Rogers was none too pleased when the landlord of his rent-stabilized Brooklyn high-rise announced plans to swap out key fobs for a facial recognition system.

He had so many questions: What happened if he didn’t comply? Would he be evicted? And as a young black man, he worried that his biometric data would end up in a police lineup without him ever being arrested. Most of the building’s tenants are people of color, he said, and they already are concerned about overpolicing in their New York neighborhood.

“There’s a lot of scariness that comes with this,” said Rogers, 24, who along with other tenants is trying to legally block his management company from installing the technology.

“You feel like a guinea pig,” Rogers said. “A test subject for this technology.”

Amid privacy concerns and recent research showing racial disparities in the accuracy of facial recognition technology, some city and state officials are proposing to limit its use.

Law enforcement officials say facial recognition software can be an effective crime-fighting tool, and some landlords say it could enhance security in their buildings. But civil liberties activists worry that vulnerable populations such as residents of public housing or rent-stabilized apartments are at risk for law enforcement overreach.

“This is a very dangerous technology,” said Reema Singh Guliani, senior legislative counsel for the American Civil Liberties Union. “Facial recognition is different from other technologies. You can identify someone from afar. They may never know. And you can do it on a massive scale.”

The earliest forms of facial recognition technology originated in the 1990s, and local law enforcement began using it in 2009. Today, its use has expanded to companies such as Facebook and Apple.

Such software uses biometrics to read the geometry of faces found in a photograph or video and compare the images to a database of other facial images to find a match. It’s used to verify personal identity — the FBI, for example, has access to 412 million facial images.

“Our industry certainly needs to do a better job of helping educate the public how the technology works and how it’s used,” said Jake Parker, senior director of government relations for the Security Industry Association, a trade association based in Silver Spring, Maryland.

“Any technology has the potential to be misused,” Parker said. “But in the United States, we have a number of constitutional protections that limit what the government can do.”

Read More

Not Only Can Alexa Eavesdrop — She Can Also Testify Against You

When it was revealed last month that a team of Amazon workers were tasked with listening to and reviewing Echo customers’ recordings—including those that customers never intended to record—the news sparked a flurry of criticism and concern regarding what this meant for the average consumer’s privacy.

At the same time, many were left unsurprised. Previous incidents, such as when an Amazon customer in Germany accidentally received someone else’s private Alexa recordings last year, have shown not only that the devices can record when least expected (such as when the user is in the shower, or having a private conversation) but also that these recordings can end up in unexpected hands.

This reality can leave users feeling that the device that helps them control their schedule, their music and even their home appliances isn’t completely within their control. In fact, the Echo can even be used against its owner—and may have the potential to send some users to prison.

As explained by Oxygen Forensics COO Lee Reiber in an interview with Forensic Magazine, when you live with an Alexa device, “it’s almost like your room is bugged.” Of course the “almost” is that Alexa isn’t necessarily always recording, but that doesn’t mean it only records when it’s supposed to either.

“We have a sample Alexa (…) that I utilize to do research on, and there is a lot of information on there. And I found several (recordings) that are specifically marked by Amazon as an error,” said Reiber, who has firsthand experience using Oxygen’s digital forensic tools to extract data from Echo devices. “I’m sitting there in my kitchen and I am talking to my wife, and it’s recording that information.”

Echo devices are meant to record what the user says to it after using a “wake word”—either “Echo,” “Amazon,” “computer” or the classic “Alexa,” depending on what the user prefers. The catch is that Alexa, which always has its microphone on listening for that word, has a habit of mishearing other words or sounds as its wake word, causing it to activate and record the voices or noises that follow.

I’ve noticed this with my own Echo Dot device, which sometimes lights up blue on its own, or startles me with a robotic “I’m sorry, I didn’t catch that” when I never said anything to begin with. Reiber also said those kitchen conversations with his wife were recorded without permission from a wake word, and plenty of other users have reported similar experiences with accidentally waking up their all-hearing assistant.

As Reiber explained, Amazon typically marks unintentional recordings as an error, and in forensic tools like Oxygen’s extractor, they show up marked as discarded items, similar to files someone has deleted from their phone or computer but are still there in the device’s memory. And like these unseen “deleted” files that any skilled digital examiner can recover and view, those accidental recordings are still available to investigators in full—and have the potential to become valuable forensic evidence in a case.

“Because they are already recording, any of these types of IoT (internet of things) devices can be tremendous, because again, if it’s still listening, it could record, and the quality is fantastic,” said Reiber, who also has a law enforcement background. “It’s just a great recording of the person who’s actually speaking. So, someone could say, ‘Well, it wasn’t me, it wasn’t me talking.’ Well, no, it is, it’s an exact recording of your voice.”

Read More

Los Angeles to Screen Transit Passengers With Body Scanners

Los Angeles CA Aug 15 2018 Los Angeles’s transit agency said Tuesday that it would become the first in the nation to screen its passengers with body scanners as they enter the public transit system — a bold effort to keep riders safer from terrorism and other evolving threats.

But officials said that riders need not worry that their morning commute would turn into the sort of security nightmare often found at airports or even sporting events. In a statement released Tuesday, transit officials said the portable screening devices they plan to deploy later this year will “quickly and unobtrusively” screen riders without forcing them to line up or stop walking.

“We’re looking specifically for weapons that have the ability to cause a mass casualty event,” Alex Wiggins, the chief security and law enforcement officer for the Los Angeles County Metropolitan Transportation Authority, said Tuesday, according to The Associated Press. “We’re looking for explosive vests, we’re looking for assault rifles. We’re not necessarily looking for smaller weapons that don’t have the ability to inflict mass casualties.”

The devices themselves resemble the sort of black laminate cases that musicians lug around on tour — not upright metal detectors. Dave Sotero, a spokesman for Metro, said the machines, which are on wheels, can detect suspicious items from 30 feet away and can scan more than 2,000 passengers per hour. The units can be pointed in the direction of riders as they come down an escalator or into a station.

“Most people won’t even know they’re being scanned, so there’s no risk of them missing their train service on a daily basis,” he said.

Mr. Sotero said the agency had purchased several of the units for about $100,000 each, but he would not specify exactly how many. He said that the authorities still needed to be trained on how to use the technology.

The county’s metro system has one of the largest riderships in the country, with 93 rail stations alone — and it is set to expand. Mr. Sotero said the new scanning units would be mostly deployed at random stations, but would certainly be used at major transit hubs and in places were large crowds are expected for marches, races and other events.

“There won’t be a deployment pattern that will be predictable,” he said. “They will go where they’re needed.”

Read More

Smartphone Fingerprint Scanner Gets a Heat-Sensing Upgrade

Fingerprint sensors—once a rarity—are now fairly common on smartphones. South Korean researchers have now given the fingerprint scanner an upgrade.

This new scanner is a clear sensory array, meaning that it could be hidden underneath the display rather than accessed as a button. It can also check the temperature of the fingerprint pressing into it to add an extra layer of security, CNET reports.

So why would your phone need to detect your temperature? It’s not for your health. Instead, it helps ensure that someone else isn’t using a fake hand or some other form of artificial fingerprints to get access to your phone.

Researchers from the Samsung Display-UNIST Center at Ulsan National Institute of Science and Technology in South Korea published an article on Tuesday detailing how they developed the sensor.

“This fingerprint sensor array can be integrated with all transparent forms of tactile pressure sensors and skin temperature sensors, to enable the detection of a finger pressing on the display,” the researchers wrote.

The researchers also confirmed that the sensor does this at a resolution that satisfies the FBI’s criteria for extracting fingerprint patterns.

View Source

Congress votes to wipe out landmark internet privacy protections

Congress sent proposed legislation to President Donald Trump on Tuesday that wipes away landmark online privacy protections, the first salvo in what is likely to become a significant reworking of the rules governing internet access in an era of Republican dominance.

In a party-line vote, House Republicans freed internet service providers such as Verizon, AT&T and Comcast of protections approved just last year that had sought to limit what companies could do with information such as customer browsing habits, app usage history, location data and Social Security numbers. The rules had also required providers to strengthen safeguards for customer data against hackers and thieves.

The Senate has already voted to nullify those measures, which were set to take effect at the end of this year. If Trump signs the legislation, as expected, providers will be able to monitor their customers’ behavior online and, without their permission, use their personal and financial information to sell highly targeted ads — making them rivals to Google and Facebook in the $83 billion online advertising market.

The providers could also sell their users’ information directly to marketers, financial firms and other companies that mine personal data — all of whom could use the data without consumers’ consent. In addition, the Federal Communications Commission, which initially drafted the protections, will be forbidden from issuing similar rules in the future.

Search engines and streaming video sites already collect usage data on consumers. But consumer activists claim that internet providers may know much more about a person’s activities because they can see all of the sites a customer visits.

And while consumers can easily abandon sites whose privacy practices they don’t agree with, it is far more difficult to choose a different internet provider, the activists said. Many Americans have a choice of only one or two broadband companies in their area, according to federal statistics.

Advocates for tough privacy protections online called Tuesday’s vote “a tremendous setback for America.”

“Today’s vote means that Americans will never be safe online from having their most personal details stealthily scrutinized and sold to the highest bidder,” said Jeffrey Chester, executive director of the Center for Digital Democracy.

Read More

Apple patent envisions tracking people in real time

Apple’s current Find My Friends feature could one day expand into more of a Track My Friends feature.

Granted to Apple on Tuesday by the US Patent and Trademark Office, a patent called “Sharing location information among devices” describes a procss that would let you view a visual representation of the path taken by another person using a mobile device as a way of following that person’s entire journey.

For example, someone is going for a hike or a trip and wants you to stay informed of his or her whereabouts. That person would enable a feature on a mobile device to allow you to see and track in real time the path being taken on your own mobile device or computer. On the flip side, you could also share your route so the two of you can stay abreast of each other’s ongoing location.

Apple already offers a feature called Find My Friends, which lets you find the specific location of another person via his or her iPhone or iPad. But Find My Friends is geared more toward pointing you to a specific spot, whereas Apple’s patented invention allows for path tracking, or following several points along a specific route.

As described in the patent, your respective devices could also share mapping directions so that you and your friend would be able to easily find each other via your mobile devices. Even further, your devices could tap into a “mirroring” mode that would replicate the view seen on each other’s respective devices.

The system would rely on GPS for navigation purposes but could enable communication between the devices via a cellular network, Wi-Fi or Bluetooth. Assuming both you and your friend had a sufficient signal, cellular would obviously be the most efficient technology as it would allow for the greatest distance between the two of you.

Read More

The Pentagon is looking to hire 3,000 infosec pros

The US Department of Defense has gotten permission and is aiming to hire 3,000 infosec professionals to work at the US Cyber Command by the end of this year, and is set to make the majority of the members of its Cyber Mission Force (CMF) achieve at least initial operational capability by the end of the 2016 Fiscal Year.

According to Aliya Sternstein, salaries start at $42,399 and can eventually rise to over triple that amount ($132,122).

The good news for potential employees is that the DoD doesn’t have to evaluate the applicants by traditional competitive criteria – to gain employment with the CMF, the applicants will have to demonstrate unique cybersecurity skills and knowledge.

The US Cyber Command was instituted in 2010, and was tasked with protecting the Department of Defense’s information networks and critical infrastructure, as well as to carry out cyber attacks against adversaries.

“USCYBERCOM confronted serious challenges from the outset. DoD networks had been planned and initially constructed decades earlier in an environment in which redundancy, resiliency, and defensibility were not always primary design characteristics,” Admiral Mike Rogers, the Head of the Cyber Command, shared with the members of the US House committee on Armed Service’s Subcommittee on Emerging Threats and Capabilities.

“Operators in USCYBERCOM, not surprisingly, could not even see all of our networks, let alone monitor all the traffic coming into and out of them from the Internet. Our people were and are professionals, so that issue was rapidly engaged, but nonetheless the sheer volume of work involved in starting a new, subunified command was substantial.”

“The bad news was that USCYBERCOM was built from the ground up by cutting manning to the bone, initially sacrificing vital support functions and institutional infrastructure to build mission capabilities as fast as possible,” he noted, and announced that things are slowly changing.

Read More

Protecting your privacy on the phone

Tapping phone lines and recording conversations is a classic spy technique, but it can be easy to protect yourself from these actions with a few simple gadgets and security practices. Make sure you are being proactive about your privacy and protecting your phone calls from unwarranted or illegal recording.

There are a few ways to protect your privacy on the phone. Whether the person on the other end is recording the call or you think your own line has been tampered with, make sure you’re taking the right steps toward eliminating these threats and having private conversations in peace.

Bug sweep – Bugging a room or phone is a key way to record or spy on conversations. Getting a Multi-Functional All Purpose All-in-One Sweep Unit can help you find and disable audio recording devices in your phone, as well as hidden cameras and other spying devices.

Tap detection – For increased protection from phone tapping, you can install a Super Tap Buster on your phone line. This tool will constantly monitor line voltage and detect changes that indicate a phone tap. This will further protect you from taps installed outside your home, and can remotely disable bugs, while alerting you to secondary listening devices on a line – such as when a second line is picked up and muted during a call to listen in.

Voice changer – If you’re trying to keep your identify a secret during a phone call, a Telephone Voice Transformer is the best way to go. This device will alter the pitch and tone of your voice to mask it and keep your identify a secret – an excellent way to prevent a phone tap from gathering too much information.

View Source

FBI boss ‘concerned’ by smartphone encryption plans

Plans by Apple and Google to do more to protect customers’ privacy have made the FBI “very concerned”.

Speaking to reporters, FBI boss James Comey said the plans to enable encryption by default could thwart law enforcement investigations.

Lives could depend on police forces continuing to get access to the data on devices used by criminals and terrorists, he said.

The FBI was talking to both Apple and Google about its fears, said Mr Comey.

Protect privacy
The conversations with tech firms needed to be had before the day when police forces lost access to those devices, he said.

“I’d hate to have people look at me and say, ‘Well how come you can’t save this kid?’ ‘How come you can’t do this thing?’” said Mr Comey in a briefing.

His comments came in reaction to a decision by Apple to enable a file encryption system on its iOS 8 software for which it has no keys. This means it would not be able to comply with any official request to help police get at the data on those devices.

Google has said it too is planning to enable a similar encryption system by default on the next version of Android.

Mr Comey said he was “very concerned” about these plans because of what they would allow people to do.

“What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law,” he said.

“I am a huge believer in the rule of law, but I am also a believer that no-one in this country is beyond the law,” he added.

Apple and Google have yet to respond to Mr Comey’s comments.

Ten days prior to Mr Comey’s press statement, iOS data forensics expert Jonathan Zdziarski pointed out that Apple’s encryption system would not stop police getting at data on portable devices.

Specifically weakening security systems just to aid the police was a bad decision, he said.

“For the sake of privacy and overall security, the only logical solution is to make products as secure as possible, and let good detective work do the crime solving, rather than an easy button,” he wrote in a blogpost.

View Source

Google Just Bought a Company That Snoops on Your Chats

Google just bought another online communications channel it can fill with ads.

The tech giant confirms it has acquired Emu, a startup that offers a kind of instant messaging tool. The price was not disclosed, but Google’s interest in the company isn’t hard to divine: Emu has built a system that can monitor chats, infer what people are talking about, and insert relevant links—including ads.

Emu, which has been subsisting for two-and-a-half years on venture funding, doesn’t insert such ads today. Instead, it uses its monitoring tools to identify certain other information that might be helpful to you. For example, if you’re chatting on the Emu service and the other person types something about getting lunch, Emu might suggest nearby restaurants or show the mid-day schedule from your calendar. But it’s a very short leap from such information to commercial promotion. A nearby cafe might pay for ad to appear every time the word “coffee” comes up in your chat.

The Emu buy is part of a much larger trend to monitor and thus profit from new chunks of people’s lives. Foursquare just rolled out a new version that, by default, tracks your movements continuously, negating the need for a “check in” button. Google, meanwhile, isn’t just interested in chats; the company has said that it may eventually show ads on internet-connected home devices, such as thermostats.

A NEARBY CAFE MIGHT PAY FOR AD TO APPEAR EVERY TIME THE WORD “COFFEE” COMES UP IN YOUR CHAT.

Emu fills a growing hole in Google’s ad offerings. Google mines search terms and emails for advertising purposes, but not yet chats. As people shift their computing to smartphones and other mobile devices, chatting—short, immediate, and part of phone culture for decades—has become more popular.

Read More