Saturday, 18 June 2016

Who's Watching the Watchers?

 Everyone is Spying on Everyone

Updated May 26, 2022

It's the age of ubiquitous surveillance, fueled by both Internet companies and governments. And because it's largely happening in the background, we're not really aware of it.

Most people are unaware of the threat and, if they do, they don't understand their part in ensuring that privacy laws are enacted and enforced.
The only thing necessary for the triumph of evil is for good men to do nothing.
— Edmund Burke

Spying is Big Business

Spying is big business, whether it is the collection of "meta data" or the information we provide to join Facebook or to register a product. All of this is valuable information being used to sell to us more effectively.

There are two reasons for this:
  1. the technology to do it is much cheaper to use; and
  2. people are completely unaware of how valuable this information about them is or the dangers that it creates.

The Technology

At one time it was very expensive to employ surveillance, whether in a criminal investigation or for commercial purposes.

If you (or the police) wanted to follow an individual it required one or two tracking teams around the clock. Current technology allows a simple tracking device placed on either a vehicle or an individual so a single person can monitor several suspects from a central location (or simply get access to their cell phones).

One example is Apple's Air Tags. Intended to help you locate lost items like your keys. Extremely small, inexpensive and easily obtained, these allow anyone to track someone's daily routine.

Corporate Bulk Data Collection

Corporations collect huge amounts of information about what we click on when we visit their site.

  • Facebook collects information not only on their users but on those that visit any site with a Facebook "Like" icon.
  • Target was able to tell that a customer was pregnant before she knew, based simply on the data about buying habits and other data they'd collected.

It originated with the electronic collection of information by corporations. Then the government wanted in on the deal and pressured Internet companies like Yahoo, Google and AOL to provide the information passing through their servers.

As more of us block third-party cookies, developers have become sneaky. They view the information quietly shared by your browser: IP address (location), language, capabilities (addons, plugins) and more to create a unique profile of you that is very difficult to change.

Government Intervention Needed

Of course, this information was basically provided by you for free, so corporations refrain from securing that data like they would their own. This is resulting in mass data breaches that tend to hurt the consumer more than the corporations that experienced the breach.

One example, the Equifax data breach, is a good example of this. Not only did Equifax use the poorest security available but their board placed a higher priority on selling their shares than in letting us know our data had been stolen. This data was of the most sensitive nature, enough to commit identity theft on most Americans, Canadians and others.

Market failures like this can only be solved through government intervention. By regulating the security practices of companies that store our data, and fining companies that fail to comply, governments can raise the cost of insecurity high enough that security becomes a cheaper alternative. -- Bruce Schneier
While you may hear of a massive breach on the news, these are a daily occurance, so frequent that is seldom considered reportable.

Privacy and Your Phone 

The police would love to have free access to your phone records, especially for your cellphone.

Your Smart Phone is Reporting Your Location Constantly

The ubiquitous smart phone continually reports its location to the cellular provider in order to be able to be able to deliver text messages, phone calls, etc. This information can be used for other purposes, even some that completely remove our privacy. Many of the apps on your phone want this location information and use it to monitor other apps.

You don't think the FBI request for Apple to unlock a suspect's phone was only about that one incident, do you? It is about the ability to view everyone's phone.

Don't believe me? How about a change in the law that assumes that anything encrypted should be investigated?

Rule 41 regulates the official holidays for court sessions and similar routine tasks, yet was used to legalize hacking by police. I strongly recommend you read the details.
The Department of Justice is using an obscure procedure to push through a rule change that will greatly increase law enforcement’s ability to hack into computers located around the world. It’s an update to Rule 41 of the Federal Rules of Criminal Procedure. If Congress does nothing, this massive change will automatically go into effect on December 1. -- EFF Report on Rule 41
Police forces have used devices like the StingRay to capture cellular data for some time, often intercepting and collecting data from innocent parties. This created a stink in Ottawa when government officials wondered if they were the target. The shoe was on the other foot and rather than regulate the collection of personal data, legislators made sure they weren't being affected.

Information Can be Beneficial or Hijacked for Profit

That Fit bracelet you're wearing could provide information that would allow for huge breakthroughs in medicine or more likely will be used by your medical insurance company to raise their rates by identifying health issues or the failure to exercise regularly enough.

Even though the payment structure for health insurance and services is designed so that everyone pays for the collective risk, it would be much more profitable to identify the high-risk users and charge them more. If past experience is followed, it is unlikely that the overall group would benefit as much as the high-risk users would lose.

Protection from Terrorists?

Our governments are spying on their citizens (not to mention the citizens of other countries).  Five Eyes is an intelligence alliance consisting of Australia, Canada, New Zealand, the United Kingdom and the United States that shares data between these countries. The U.S. government has built a huge new facility in Utah to store this data.

Governments used the incident in 9/11 to tell their citizens that the unbridled collection of personal data is the only way to protect them from terrorists. Whenever questioned, the FBI and other police agencies routinely cite protection against terrorism or child pornographers to justify invading our privacy.

Paul Joseph Watson notes that Americans are just as likely to get struck by lightning as they are to be killed by terrorists. If the risk isn't as significant as we're led to believe, then why would the government exaggerate the risk and promote the huge expense of anti-terrorist measures?

Fear measures are being used to justify this agenda and the result is the very definition of a police state.

Other governments have done the same, often getting around the rules that prevent them from spying on their own citizens by having other governments do the spying then sharing the results. The Americans spy on the Canadians and British. The British spy on the Canadians and Americans. The British and Canadians spy on the Americans.

Reinterpreting Old Regulations

Governments and police agencies have reinterpreted old laws in new ways that avoid the legislation that restricts this collection without a warrant. They argue that the information isn't "collected" until viewed. Try that one if the police find illegal material on your computer.

There is a huge difference between getting a warrant to begin surveillance on a suspect and obtaining a warrant to view information that has already been collected for the last 20 years only when someone becomes a suspect.

Technology Moving Too Fast 

Technology moves too fast for the courts to act.

For example, an old U.S. law that allowed mail to be searched only until it was delivered (i.e. while it is in transit). This same regulation was applied to email resulting in a much more liberal and inappropriate interpretation of that old regulation.

In early days most people only had one device (usually a desktop computer in their home or office). Email was downloaded to the email program on that computer then deleted from the server. Only the newest mail collected since the last download was available online at any one time.

Most people now use the IMAP email protocol which leaves all their emails on the server indefinitely to provide the emails to their cellular phone, computers and tablets. This means that all your mail is indefinitely on the server (or "in the cloud") and subject to search and seizure.

The interpretation that your emails on the server are "in transit" rather than delivered is clearly not what was intended by those that drafted that old snail-mail law.

People are Unaware

People using technology have given up a great deal in terms of privacy. If they only knew the value of what they're giving away.  

When the service is free, you are the product.

Have you every searched for something only to suddenly see ads everywhere for that same product?

There is a big difference in your reaction to seeing a generic ad for treating hemorrhoids on TV and seeing the same ad on your phone or computer immediately after the doctor sends you an email indicating you have this condition. (You can almost hear the cash registers ringing.)

"Free" Webmail

Google, Yahoo! and Microsoft provide free email service, but scan your email in varying degrees to better know what sort of ads are likely to interest you.

Like other IMAP systems, emails are left on the webmail server forever. Even when "deleted" they are often archived.

 Windows 10

Microsoft wanted in on this huge bonanza. The free upgrade to Windows 10 took you from a relatively-secure independent computer to one that is essentially a super-Facebook where your information is collected and used to help Microsoft advertise items based upon your personal information.

Windows 10 introduced ad-filled apps rather than applications that simply did what you installed them to do. Instead of paying for Windows 10, you pay to avoid ads in your games and other apps.

Unlike the simple local search Windows 7 conducted for a document on your computer, Windows 10 sends that search request to Bing, just like it would for an Internet search. The only reason to do this is to profile you because your local content is certainly not on the Web. Another possibility is that the search function has been offloaded from the computer altogether (search as a service).

Cortana works by learning all about you -- enough to know who you mean when you ask it something. If you ask Cortana to call your sister, Cortana needs to know who your sister is, her contact information and possibly more.

Windows 11

Windows 11 was launched primarily to generate the sale of new computers. Even though it was capable of running on most Windows 10 computers, Microsoft added a requirement for a TPM and eliminated all but the most recent processors.

At time of writing, very few have adopted Windows 11 except those forced to buy a new computer. There is little to entice users to upgrade and some serious issues continue to plague the new Windows.

Misusing Legislation for Commercial Gain

Digital Rights Management (DRM) technologies are locking us out of the use of our own data and restricting what we've purchased.

The U.S. Digital Millennium Copyright Act (DMCA) was  intended to stop the illegal duplication of DVDs and music CDs but has prevent researchers from looking closely at software and other goods for vulnerabilities that might affect consumers.

The DMCA allowed Volkswagen to manipulate emissions data when hooked up to testing equipment and prevented owners of John Deere tractors from legally servicing their own equipment.

Disney wants you to re-buy content you already have purchased in a new format. From VHS to DVD to Blue-Ray, Snow White provides a tremendous income for Disney even though there is no new creative content.
"If consumers even know there's a DRM, what it is, and how it works, we've already failed." -- Peter Lee, Disney Executive in 2005.

Learning More

If you're interested in learning more about this I'd recommend reading Bruce Schneier's book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. It looks at the collection of personal data and how it is being used to manipulate us.

9/11 was used to convince us to give up privacy for security, but the additional information hasn't helped. Schneier describes this exercise as looking for a needle in a haystack of needles.

John Mueller's Terrorism Since 9/11: The American Cases (PDF) shows how misleading the use of the term "terrorism" is and how difficult it is to track actual cases. It is worth scanning if only to better grasp this term that has been used to scare ordinary and innocent citizens into giving up their rights.

See also the resources on my website including Your Privacy at Risk, Restoring Privacy and Social Media: Are You Sharing Too Much?