Tag Archives: Encryption

Suffolk County DA Conley logging parents’ keystrokes, for “safety”

We think our version captures the spirit of this initiative better than the original.

We think our version captures the spirit of this initiative better than the original.

Well, well. This “school safety” stuff keeps getting more interesting.

I didn’t focus on the elements of the school safety task force’s report that dealt with teaching children to “be safe” on the Internet, because, well, they sounded pretty innocuous. Turns out I wasn’t paranoid enough.

EFF reports that DAs and police departments across the country have been distributing elderly spyware called “ComputerCop” to parents as part of feel-good “Internet Safety” events at schools. This apparently includes a “service” called “KeyAlert”, which allows parents to track their children’s keystrokes. When it collects those keystrokes, it also stores them unencrypted on your hard drive (on Windows machines) and transmits them, unencrypted, to a third-party server so that the parents can be emailed when chosen keywords are typed. And, as readers of this blog will know, law enforcement can then request that keylogged data from the third party without a warrant.

Well, that’s fabulous. Sounds pretty useful. For law enforcement. Why not, then, promote keyloggers on as many computers as possible? And as with social media, it looks like offering something for free really helps members of the public surveil themselves. EFF notes:

Read More →

Local Police May Be Hacking Your Phone: Piercing Secrecy Around Stingrays

Without your knowledge or permission, your smartphone’s calls could be being intercepted right now by your local police department, and your taxes are definitely being misused to pay for unconstitutional police snooping.

stingray_wsj

We have reported before on “stingrays”, which started being used by local police departments in around 2006. These devices impersonate a cellphone tower and intercept the calls that would otherwise flow to other actual nearby towers. Initially bulky, stingrays can now be laptop-sized or smaller, and the most advanced models are light enough to be carried by drones. Police departments conceal their use of this technology when applying for warrants to conduct surveillance, so judges can’t distinguish between applying for a “regular” interception on an individual phone and a stingray interception which gathers all traffic from nearby cellphone towers. The devices’ main manufacturer, Harris Corporation, even obliges police departments contractually to conceal their use of stingrays. The Obama administration is so keen to preserve the cloak of secrecy around stingrays that they sent in the US Marshals to prevent the ACLU from obtaining documents relating to stingray use by a north Florida police department. The courts are beginning to recognize the intrusive nature of cellphone tower dump data, but have not yet grappled with the fact that using stingrays, law enforcement don’t have to ask a cellphone company for the data; they can just suck it up without permission.

Now there is a new way to rip that cloak. Popular Science quotes the CEO of ESD America, which manufactures the $3,500 “CryptoPhone 500”, eagerly describing how his phones could detect when stingrays were being used in their vicinity. While testing the CryptoPhone 500 in August, users found 17 sites around the country where stingrays appeared to be being used on passersby. They could detect the use of stingrays because stingrays downgrade your connection from 4G to the less secure 2G and then turn off your phone’s encryption. Normal Android smartphones or IPhones are oblivious to this process.

Twitter users have been speculating whether these 17 sites map onto the sites of fusion centers around the country. Since we’re familiar with both stingrays and fusion centers, we can say conclusively that they don’t. Most sites seem to be in commercial areas, not around fusion center or military locations. ESD is not providing the precise site locations, and stingrays’ mobility further complicates the process of detecting them. We think that CryptoPhone users have captured what is likely to be only a small subset of stingray usage not by fusion centers, or by the NSA, but by regular local police departments around the nation. We’re supporting the efforts of researchers like Muckrock who want to get more transparency about stingray use by police departments, and to keep an eye out for proposals in your community to “upgrade” police department technology.

So, do we all have to go out and upgrade to the CryptoPhone 500 in order to feel safe in our communications? Well, no; there’s another, cheaper way to find out whether the government is using stingrays in your community.

Read More →

The Day We Fight Back: Join the resistance against mass surveillance!

The Internet is organizing to oppose mass surveillance on February 11, the anniversary of Aaron Swartz’s passing. We’re calling it The Day We Fight Back. This is what we’re doing and how you can get involved.

Call Your Congressmember
Both of our Senators here in Massachusetts and four of our Congressmembers (Tierney, McGovern, Capuano, Keating) have co-sponsored the USA FREEDOM Act, which represents the best near-term chance of meaningful reform of the surveillance state. Now would be an excellent time for newly minted Congresswoman Katherine Clark (D-Malden) to follow through on her pledge during the campaign to oppose mass surveillance. We’ll be coordinating calls with the ACLU of Massachusetts and others to try to get all nine of our U. S. House members to support it. We need volunteers for all nine congressional districts, so if you can, please sign up to help below.

UPDATE: Courtesy of PrivacySOS, we have news that Rep. Stephen Lynch (D-MA08) has signed on as a cosponsor. That now makes a majority of Massachusetts representatives cosponsoring the USA Freedom Act.

Cryptoparty at Northeastern
Cryptoparties train members of the public in techniques that go some way toward protecting your communications and your personal data from intrusion by outsiders (non-governmental or governmental). In collaboration with the Tor Project, the Massachusetts Pirate Party, the ACLU of Massachusetts, the National Lawyers’ Guild and others, we’re putting on a cryptoparty at Northeastern University:

Read More →

By 2020, Commercial Vendors Will Offer Quantum Encryption

From the cover of Physics World magazine, March 2013

From the cover of Physics World magazine, March 2013

One of the major problems with challenging the surveillance state is that it is extremely difficult to prove legally that you have been under surveillance. The only people able to prove it are the government themselves, or (in highly unusual cases) people to whom the government has accidentally disclosed that they are under surveillance.

What if, then, there were a commercially available solution that was able to prove that you were under surveillance, and that changed encryption keys so rapidly that your data could be vulnerable at most for a few seconds before becoming secure again? This is the promise of quantum encryption systems.

Read More →

Raytheon’s “Riot” Software: Big Data Analytics and Data Security for Activists

I run the Campaign for Digital Fourth Amendment Rights out of an incubator in Cambridge, Mass. Many startups at the incubator base their innovative products around “big data”, and the concept attracts substantial academic attention locally as well.

It’s natural that law enforcement would be interested in employing the same techniques, accessing information that people put on the Internet and on their devices about themselves, their location and their habits. Massachusetts-based Raytheon, the world’s fifth-largest defense contractor, has developed a product for law enforcement called “Riot”. Riot acts as a search engine, gathering information about people from Facebook, Twitter, Foursquare and other places. Raytheon refers to Riot as “extreme-scale analytics”, possibly because “wicked awesome analytics” was already trademarked. The Guardian has found a video from inside Raytheon demonstrating the software’s capabilities.

Read More →