Selected Information Gathering Systems – Project 2

With the ongoing revelations of former defense contractor, Edward Snowden, and other recent events surrounding the activities of the United States intelligence community in general, and the National Security Agency in particular have been under a lot of fire from some American citizens. PEW Research Center recently published a survey that showed that 17% of Americans claim to be “very concerned” about this surveillance, while 35% say that they are “somewhat concerned.” The government has been deemed overly invasive and people have begun doing things like creating stronger passwords, encrypting information on their computers and/or phones, or paying cash rather than using a credit card all in order to avoid government surveillance. Yet, intelligence agencies are not the only one collecting information. Even before this, the information age, universities have been a prime example of surveillance and information gathering systems. This report (can be accessed by using the link at the end of the post) shows various information gathering systems at the University of Utah. Due to time constraints and manpower limitations, this report does not attempt to identify or discuss all the surveillance systems in operation at the University. A list of persons interviewed for this report is attached as Appendix A. We wish to thank those University employees and administrators for their openness in meeting with us.

Selected Information Gathering Systems at the Univeristy of Utah

Week 7 News Digest

What we know about the bank hacking ring—and who’s behind it

February 16, 2015

http://money.cnn.com/2015/02/16/technology/bank-hack-kaspersky/index.html?iid=SF_T_River

Hackers managed to steal up to one billion dollars from banks in Russia, Germany, China, and the Ukraine. They were able to hack ATMs in a way that allowed them to control them from a distance. Hackers were able to get deep enough into banks’ computer systems that they were able to get client’s email address. They sent emails pretending to be the bank, that when opened, installed malware on the computers. They were then able to transfer money from client accounts to their own private accounts. The hackers are said to be from Russia, China, and some parts of Eastern Europe.

 

Breach index: Mega breaches, rise in identity theft mark 2014

February 13, 2015

http://www.scmagazine.com/breach-index-mega-breaches-rise-in-identity-theft-mark-2014/article/398236/

2014 was the year for data breaches with reports showing that more than one million records were compromised. 54% of those breaches were identity theft breaches. The amount of identity theft breaches have increased by 20% since 2013. Tsion Gonen, vice president of strategy for identity and data protection at Gelmato’s Breach Level Index, believes that the reason identity theft has increased and credit card has decreased is because attackers are looking for the most valuable information that they can piece together to use later on. Gonen also says that financial organizations have helped to decrease the amount of credit card theft because they have cut down opportunity by watching closer for fraud alert.

 

UK admits unlawfully monitoring legally privileged communications

February 18, 2015

http://www.theguardian.com/uk-news/2015/feb/18/uk-admits-unlawfully-monitoring-legally-privileged-communications

On Wednesday, February 18, 2015, it was uncovered that UK intelligence agencies have been monitoring emails and other communications between lawyers and their clients. Communications between lawyers and their clients had a special protected status under UK law, but was clearly violated by agencies such as MI6. This revelation is evidence that the policies that were in place as of January 2010 have not been met. Intelligence agencies involved have admitted to acting unlawfully and are now to work with the interception of communications commissioner in order to make sure that the policies protect human rights and are observed.

 

The Greatest SIM Heist: How spies stole the keys to the encryption castle

February 19, 2015

https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

Members of the NSA and Britain’s GCHQ (Government Communications Headquarters) hacked into Gemalto, the largest manufacturer of SIM cards in the world. They stole encryption keys that would allow them to monitor communication without the approval of the companies or foreign governments. The GCHQ also says that they are able to manipulate the billing services of cellular companies. This ability would allow them to suppress charges, allowing them to keep their actions secret. The GCHQ is also able to decrypt data and voice communications between cell companies and their clients. There is an outcry from many, claiming that this is not something that secret services should be doing.

 

AT&T is putting a price on privacy. That is outrageous

February 20, 2015

http://www.theguardian.com/commentisfree/2015/feb/20/att-price-on-privacy

AT&T has plans to track and sell users’ Internet activity. This would include the websites that customers are visiting, the duration of their visit, search history, and ads that you see and follow. They would sell this activity to businesses to aid them in providing targeted advertising. This cannot be avoided through using the privacy setting. If a customer wished to opt-out of this system, they would have to pay a $29 fee each month. This extra charge is controversial because it is pushing privacy to something that is selective. Putting a cost on privacy takes a way the rights of people that cannot afford it but that should be allowed it.

 

Facial Recognition: Privacy vs Security

August 9, 2014 will live in the hearts of many as a day of a tragic injustice. A young black teenager was shot by a white police officer in Ferguson, Missouri. People across the country protested the behavior of the officer, deeming his actions to be based off of feelings of racial superiority rather than justice. The accounts of witnesses vary, but if there were a video that showed exactly what happened, it would make all the difference. In the wake of the shooting, and ultimately the death, of 18-year-old Michael Brown, there has been a bigger push than ever to have police officers wear body cameras. President Obama strongly advocates for such cameras and has proposed a plan that would pour 75 million dollars into federal spending to allot 50,000 recording devices for police departments. However, the decision to implement body cameras is much more complex than just finding the money to do so. There are many privacy concerns that come along with this decisions. Concerns such as when will the camera be on (do the officers get to pick and choose what is going to be recorded?), how long will the footage be kept, who can access the footage, will the cameras hinder people’s willingness to give cops tips, what technology will be used, and what privacy infringements will accompany these camera? Enabling these cameras to have facial recognition technology is one of these privacy concerns and this post will address those concerns.

First, to truly understand the debate, it is essential to know how facial recognition technology operates. Facial recognition technology uses an algorithm to measure unique facial features such as the space between the eyes, the depth of the eye sockets, the shape of the cheekbones, the length of the jawline, or the width of the nose. It uses these measurements to make what is called a face print. Face prints are just as unique as fingerprints; although, fingerprints are still a more accurate source of biometric identification. Another algorithm is used to then run face prints with other photos that are in the database, searching for a match.

The use of this technology is not new—Facebook and Google+ use it to help you identify friends or yourself in photos, Find My FaceMate uses facial recognition technology for dating purposes, casinos use it to monitor players that have been marked as cheaters or suspicious people. There is even a university in the UK that was using facial recognition technology to take roll. Companies are working to use facial recognition technology to find the age and gender of someone looking at their digital kiosk so that they can advertise specifically to that person. The ethics of all these uses are debatable, but there are currently no legal restrictions on commercial use of facial recognition technology. However, when it comes to law enforcement, the idea of utilizing facial recognition technology is primarily seen as negative by our society.

But, why? We’ve all seen movies that portray facial recognition technology as heroic: it’s a fast way to scan a group of people and find the criminal. It helps the good guys win in a matter of seconds. However, there are some legitimate privacy concerns such as what database would the police officers use and would use of this technology by law enforcement destroy anonymity?

The FBI is working to build a database that is “bigger, faster, better”. This database is called Next Generation Identification (NGI) and currently contains more than just fingerprints, it also contains face prints. The NGI does not get the images from mug shots alone. In fact, according to the Electronic Frontier Foundation, by this year, the NGI will contain 4.3 million images that were not taken for criminal purposes. EFF goes on to explain how if you apply for a job that requires a background check or fingerprinting, the FBI stores your prints in its civil database. However, with the use of facial recognition technology expanding, employers may require a photograph, or “mug shot”. This would then put your information into the NGI along with your fingerprints. The danger in storing criminal and non-criminal data together is that non-criminals could be falsely incriminated merely because their face print and fingerprints are in the database.

Another issue concerning the database is that there is currently no legislation that would block law enforcement from gaining information from organizations such as Facebook. Although the FBI says that it does not currently share information with such sites, who is to say that they won’t in the near future? The problem with the rapid increase of more sophisticated and accessible facial recognition technology is that it is not regulated. Despite tragedies of police brutality, allowing body cameras to have live stream access to facial recognition technologies is rash if it precedes necessary regulation that would protect an individual’s privacy.

One of the biggest concerns that comes up with allowing police officers to have their body cameras equipped with live stream facial recognition technology is that it robs people of the right they feel they have to be anonymous. Facial recognition technology robs by passively tracking and collecting personal biometric data without a warrant. In the Arizona Law Review, Sabrina Lochner says that under the Fourth Amendment, “law enforcement may take a picture of someone’s face from a lawful vantage point without reasonable suspicion or probable cause; there is no reasonable expectation of privacy as to the face, which is constantly exposed to the public.” However, she goes on to say that running the picture through facial recognition technology is not justifiable without reasonable suspicion. If police were equipped with body cameras that used facial recognition in live time, they would be unjustly collecting information on innocent people. This would destroy anonymity. It would restrict what people will do in public, whether it is good or bad.

The privacy concerns that accompany this decision are valid. However, I personally think that the pros of having officers equipped with facial recognition on cameras outweigh the privacy concerns. In Seattle, police officers are using the technology with their own city-determined rules that include annual audits, restrictions on what officers can use the technology, and required logs on usage. Legislation that strictly defines what government agencies are and are not allowed to do needs to be passed before equipping our police officers with body cameras that use facial recognition technology. In this debate, the answer cannot be merely privacy or security; there needs to be a balance that will allow citizen’s privacy and law enforcement’s means to protect citizens.