
      Spying through Push Notifications / Schneier · 5 days ago - 19:46 · 1 minute

    When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands.

    Sen. Wyden is trying to get to the bottom of this:

    In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.

    “In this case, the federal government prohibited us from sharing any information,” the company said in a statement. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”

    Google said that it shared Wyden’s “commitment to keeping users informed about these requests.”

    The Department of Justice did not return messages seeking comment on the push notification surveillance or whether it had prevented Apple or Google from talking about it.

    Wyden’s letter cited a “tip” as the source of the information about the surveillance. His staff did not elaborate on the tip, but a source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts.


      AI and Mass Spying / Schneier · 6 days ago - 19:11 · 4 minutes

    Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

    Before the internet, putting someone under surveillance was expensive and time-consuming. You had to manually follow someone around, noting where they went, whom they talked to, what they purchased, what they did, and what they read. That world is forever gone. Our phones track our locations. Credit cards track our purchases. Apps track whom we talk to, and e-readers know what we read. Computers collect data about what we’re doing on them, and as both storage and processing have become cheaper, that data is increasingly saved and used. What was manual and individual has become bulk and mass. Surveillance has become the business model of the internet, and there’s no reasonable way for us to opt out of it.

    Spying is another matter. It has long been possible to tap someone’s phone or put a bug in their home and/or car, but those things still require someone to listen to and make sense of the conversations. Yes, spyware companies like NSO Group help the government hack into people’s phones, but someone still has to sort through all the conversations. And governments like China could censor social media posts based on particular words or phrases, but that was coarse and easy to bypass. Spying is limited by the need for human labor.

    AI is about to change that. Summarization is something a modern generative AI system does well. Give it an hourlong meeting, and it will return a one-page summary of what was said. Ask it to search through millions of conversations and organize them by topic, and it’ll do that. Want to know who is talking about what? It’ll tell you.

    The technologies aren’t perfect; some of them are pretty primitive. They miss things that are important. They get other things wrong. But so do humans. And, unlike humans, AI tools can be replicated by the millions and are improving at astonishing rates. They’ll get better next year, and even better the year after that. We are about to enter the era of mass spying.

    Mass surveillance fundamentally changed the nature of surveillance. Because all the data is saved, mass surveillance allows people to conduct surveillance backward in time, and without even knowing whom specifically you want to target. Tell me where this person was last year. List all the red sedans that drove down this road in the past month. List all of the people who purchased all the ingredients for a pressure cooker bomb in the past year. Find me all the pairs of phones that were moving toward each other, turned themselves off, then turned themselves on again an hour later while moving away from each other (a sign of a secret meeting).

    Similarly, mass spying will change the nature of spying. All the data will be saved. It will all be searchable, and understandable, in bulk. Tell me who has talked about a particular topic in the past month, and how discussions about that topic have evolved. Person A did something; check if someone told them to do it. Find everyone who is plotting a crime, or spreading a rumor, or planning to attend a political protest.

    There’s so much more. To uncover an organizational structure, look for someone who gives similar instructions to a group of people, then all the people they have relayed those instructions to. To find people’s confidants, look at whom they tell secrets to. You can track friendships and alliances as they form and break, in minute detail. In short, you can know everything about what everybody is talking about.

    This spying is not limited to conversations on our phones or computers. Just as cameras everywhere fueled mass surveillance, microphones everywhere will fuel mass spying. Siri and Alexa and “Hey Google” are already always listening; the conversations just aren’t being saved yet.

    Knowing that they are under constant surveillance changes how people behave. They conform. They self-censor, with the chilling effects that brings. Surveillance facilitates social control, and spying will only make this worse. Governments around the world already use mass surveillance; they will engage in mass spying as well.

    Corporations will spy on people. Mass surveillance ushered in the era of personalized advertisements; mass spying will supercharge that industry. Information about what people are talking about, their moods, their secrets—it’s all catnip for marketers looking for an edge. The tech monopolies that are currently keeping us all under constant surveillance won’t be able to resist collecting and using all of that data.

    In the early days of Gmail, Google talked about using people’s Gmail content to serve them personalized ads. The company stopped doing it, almost certainly because the keyword data it collected was so poor—and therefore not useful for marketing purposes. That will soon change. Maybe Google won’t be the first to spy on its users’ conversations, but once others start, they won’t be able to resist. Their true customers—their advertisers—will demand it.

    We could limit this capability. We could prohibit mass spying. We could pass strong data-privacy rules. But we haven’t done anything to limit mass surveillance. Why would spying be any different?

    This essay originally appeared in Slate.


      Green card applicants targeted by Section 702 foreign intelligence bill / ArsTechnica · 6 days ago - 15:22


    Americans with family overseas who hope to visit the United States may soon face an increased risk of being surveilled by their own government.

    Support in Congress is growing for intensified vetting procedures at the US border, which would see immigrants and foreign visitors subjected to the same levels of scrutiny as suspected terrorists and spies. A bill introduced last week by members of the Senate Intelligence Committee (SSCI) and forthcoming legislation from its House counterpart both aim to expand the use of a key foreign intelligence program —Section 702—for screening and vetting visitors to the US.


      Judge: Amazon “cannot claim shock” that bathroom spycams were used as advertised / ArsTechnica · 7 days ago - 20:16


    After a spy camera designed to look like a towel hook was purchased on Amazon and illegally used for months to capture photos of a minor in her private bathroom, Amazon was sued.

    The plaintiff—a former Brazilian foreign exchange student then living in West Virginia—argued that Amazon had inspected the camera three times and its safety team had failed to prevent allegedly severe, foreseeable harms still affecting her today.

    Amazon hoped the court would dismiss the suit, arguing that the platform wasn't responsible for the alleged criminal conduct harming the minor. But after nearly eight months deliberating, a judge recently largely denied the tech giant's motion to dismiss.


      Secret White House Warrantless Surveillance Program / Schneier · Thursday, 23 November - 02:03

    There seems to be no end to warrantless surveillance:

    According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.

    The DAS program, formerly known as Hemisphere, is run in coordination with the telecom giant AT&T, which captures and conducts analysis of US call records for law enforcement agencies, from local police and sheriffs’ departments to US customs offices and postal inspectors across the country, according to a White House memo reviewed by WIRED. Records show that the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T’s infrastructure—a maze of routers and switches that crisscross the United States.


      Patient privacy fears as US spy tech firm Palantir wins £480m NHS contract / TheGuardian · Tuesday, 21 November - 14:39

    Awarding of contract to create new data platform prompts immediate concerns about security of medical records

    The NHS has caused controversy by handing the US spy technology company Palantir a £480m contract to create a new data platform, triggering fears about the privacy of patients’ medical details.

    The move immediately prompted concerns about the security and privacy of patient medical records and the suitability of Palantir to be given access to and oversight of such sensitive material.


      NHS data platform may be undermined by lack of public trust, warn campaigners / TheGuardian · Tuesday, 21 November - 05:00

    Patients cannot opt out of personal medical records being shared, albeit anonymised, between NHS bodies

    The NHS’s new data platform could be derailed by a lack of public trust because patients are being denied the chance to opt out of it sharing their personal medical records, campaigners claim.

    NHS England will announce on Tuesday that it is handing the £480m contract to operate the new software to the US spy tech firm Palantir, sparking a backlash over privacy and its “murky” past.


      Using Generative AI for Surveillance / Schneier · Monday, 20 November - 04:02

    Generative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it isn’t very good yet, but that it will get better.


      Private UK health data donated for medical research shared with insurance companies / TheGuardian · Sunday, 12 November - 07:00

    Observer investigation reveals UK Biobank opened its biomedical database to insurance firms despite pledge it would not do so

    Sensitive health information donated for medical research by half a million UK citizens has been shared with insurance companies despite a pledge that it would not be.

    An Observer investigation has found that UK Biobank opened up its vast biomedical database to insurance sector firms several times between 2020 and 2023. The data was provided to insurance consultancy and tech firms for projects to create digital tools that help insurers predict a person’s risk of getting a chronic disease. The findings have raised concerns among geneticists, data privacy experts and campaigners over vetting and ethical checks at Biobank.
