Welcome to the Internet of listening, eavesdropping, spying things

By Glyn Moody

There’s a new frontier for digital privacy: home devices that understand spoken commands. That’s impressive and convenient, but it comes with definite risks, as Rick Falkvinge pointed out earlier this week. The product sites of the main players in the so-called “smart speaker” sector – Amazon, Apple, and Google – offer plenty of upbeat advertising copy about the convenience, but are naturally silent about the potential problems.

Apple is the most opaque. Its HomePod page oozes cool, but not much in the way of information. Google is the most forthcoming. The Help page for Google Home has the following details about how its system works:

“Google Home listens in short (a few seconds) snippets for the hotword. Those snippets are deleted if the hotword is not detected, and none of that information leaves your device until the hotword is heard. When Google Home detects that you’ve said “Ok Google,” the LEDs on top of the device light up to tell you that recording is happening, Google Home records what you say, and sends that recording (including the few-second hotword recording) to Google in order to fulfill your request. You can delete those recordings through My Activity anytime.”

Google Home uses Google Assistant to pass questions and commands to other Google services online. Amazon’s Echo product takes the cloud-based approach one stage further:

“Alexa – the brain behind Echo – is built in the cloud, so it is always getting smarter. The more you use Echo, the more it adapts to your speech patterns, vocabulary, and personal preferences.”

That’s clearly a big advantage for users, because it means that the “brain” behind Echo will improve as advances in hardware and AI are incorporated in Amazon’s cloud-based platform. But it also means that Echo users don’t really know what the system sitting in their home can “hear” or “understand”, since those capabilities are provided elsewhere, and upgrades are outside the customer’s control.

All three devices – Apple’s HomePod, Google’s Home, and Amazon’s Echo – are designed to work with other electronic objects in the home, creating and controlling a complete network of “intelligent” systems. That underlines an important fact: it is not just people who buy one of these “smart speakers” that will be subject to constant eavesdropping by digital devices waiting for the wake-up word. As hardware costs plummet, and AI-based software increases in sophistication, voice-recognition systems will start to appear in most “intelligent” domestic devices as standard. Acoustic surveillance will become the norm and pervasive to the point that people will forget it is even happening.

The BBC is already conducting research into what the implications of this development will be for television. An obvious application is for controlling access:

“Just like the fingerprints of your hand, you have a voice that is totally unique to you. In our experiment, by recognising the individual characteristics of your voice (tone, modulation, pitch etc), processing that information and then matching it to a sample of your voice stored in the cloud, artificial intelligence software checks that you are who you say you are and then signs you in, without you having to type anything.”

Copyright companies will love this, since using voice-based sign-ons will ensure that subscriptions to music or video streaming services are not handed around, something that is hard to prevent at the moment. Voice sign-ins will also make it easier to prove the origin of particular content. Currently, courts are rightly unwilling to accept that a particular IP address linked to unauthorized copies can be associated with a single person and used to prove guilt of some kind. Voice-prints offer a natural identification system that will be harder to challenge. Always-on voice systems might even usher in pricing based on how many people are present in the room, although the BBC post doesn’t quite frame it that way:

“Just by listening to the voices in the room, your TV could automatically detect when there are multiple people in the living room, and serve up a personalised mix of content relevant to all of you in the room. When your children leave the room to go to bed, BBC iPlayer might hear that the children are no longer there and then suggest a different selection of content for you and your partner. All of this personalisation could happen without anyone having to press a button, sign in and out or change user profiles.”

It’s not just the number of people that will be evident to such systems. Advanced AI-based voice recognition can “understand” the content of conversations, and thus the inter-relationships of the participants. It is only a matter of time before owning intelligent voice-based systems is tantamount to having a spy sitting in every room in the house, constantly listening to everything that is said, and understanding it almost as well as a human.

Once these devices are in place, marketing companies will be very keen to know what people are saying and feeling as they watch TV programs and their advertisements, for example, or eat a meal with brand-name dishes. Assuming that the gathering of this information from voice-enabled TVs, ovens and refrigerators will be subject to privacy laws to some extent, the obvious approach would be to offer incentives – perhaps financial ones – to encourage consumers to share their data. Assurances would be given that it would only be used in an anonymous form, as usual, but there would inevitably be leaks of highly-personal information gathered in this way, also as usual.

Even more problematic than commercial snooping of this kind are the intelligence agencies – both domestic and foreign. Home devices with always-on listening capabilities will provide the perfect surveillance tools. Since they are necessarily online – these systems generally work by sending data somewhere, and pulling down system updates periodically – they will also be accessible over the Internet to both state actors and criminal operators. Even if manufacturers are not forced to install backdoors in their products – something that is already an option under UK laws – weaknesses because of programming flaws will inevitably allow unauthorized access and control.

A future Internet of listening, eavesdropping and spying things will represent a serious threat to privacy. That is not to argue that such systems should not be developed, bought and used. But the rapid development of this field, both in terms of increasingly popular products, and innovative research projects, means that we need to start discussing now how the risks can be mitigated. Ideally, that’s through voluntary technical means, but ultimately it might need legislative action if those prove insufficient.

Featured image by Google.

The post Welcome to the Internet of listening, eavesdropping, spying things appeared first on Privacy Online News.

August 25, 2017 at 03:40PM
via Privacy Online News http://ift.tt/2xyHVy4

Canada incentivizes mass surveillance with a mobile app called Carrot Rewards

By Caleb Chen

The Canadian government is using carrots to lure in new helpers in its quest for mass surveillance powers. A new app called Carrot Rewards is a behavioral modification mobile app that was originally created to reward users with redeemable points for taking healthy actions. Carrot Rewards’ founder Andreas Souvaliotis explained to CTV that he had originally started the company to focus on health but quickly realized, through government partnerships, that his app would also be effective in “modifying behavior in other areas as well.” Now, Carrot Rewards has raised over $1.5 million from several local Canadian governments and has rolled out the app to hundreds of thousands of users. According to a July 2017 press release, more than 1% of the Canadian population already has this app downloaded – including over 200k Ontarians.

Would you give up your privacy for a carrot?

Per Carrot’s privacy policy, the app (and therefore its government partners) has permission to “access and collect information from your mobile device, including but not limited to, geo-location data, accelerometer/gyroscope data, your mobile device’s camera, microphone, contacts, calendar and Bluetooth connectivity in order to operate additional functionalities of the Services.” The Foundation for Economic Education (FEE) called the app “creepy.”

While Canada offers only carrots, other countries offer sticks, too

Another question that begs to be asked is this: What is the stick in this carrot and stick approach? In China, where a social credit score is being used to monitor people, a higher score for doing government-approved actions is used as a carrot while a lower score for doing government-disapproved actions is used as a stick. Lower scores can result in lowered internet connection speeds from the state-run ISPs or a host of other government-sanctioned penalties, for instance. While the Canadian government hasn’t yet funded an app called “Stick Enforcement,” that could be in the stars.

The post Canada incentivizes mass surveillance with a mobile app called Carrot Rewards appeared first on Privacy Online News.

August 2, 2017 at 03:34PM
via Privacy Online News http://ift.tt/2u09XRM

Encrypted Media Extensions: Copyright, DRM and the end of the open Web

By Glyn Moody

The World Wide Web Consortium (W3C), which sets standards for the Web, has released what it calls a “disposition of comments”, designed to address objections to the controversial Encrypted Media Extensions (EME). EME is officially “a common API that may be used to discover, select and interact with content encryption systems”. In practice, for the first time it builds DRM officially into the very fabric of the Web, a move that will destroy an openness that has underpinned it since its public release in 1991.

The “disposition of comments” is the formal version of an earlier blog post by the inventor of the Web, Sir Tim Berners-Lee, which he published back in February. There he explains in more detail why he wants to allow DRM to become part of HTML. It’s clear from both documents that the central argument is that the W3C is simply standardizing an existing situation where many DRM schemes are used, and that by providing a rigorous framework it is making life easier and better for the user. In fact, the W3C even went so far as to insist on Twitter that “There’s no DRM baked in the EME spec.” But as Florian Rivoal pointed out in reply, this is like claiming “Guns are not dangerous if you don’t put bullets in them. We’re just working on guns not bullets, so we’re not doing anything dangerous.”

Some people objected to the comparison, saying that DRM should not be compared to bullets, because DRM can’t kill. But it can, thanks to one of the biggest policy defeats ever suffered by civil society: the WIPO Copyright Treaty, agreed in 1996. Article 11 says:

“Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention”

This is the famous anti-circumvention provision, which is enshrined in the Digital Millennium Copyright Act in the US, and the European Copyright Directive in the EU. It means that it is illegal to circumvent DRM applied to copyright material, even for legal purposes. It effectively raises the protection of copyright material above all other rights. In a world where software is becoming ubiquitous, that’s a big problem. Software is covered by copyright, which means that if DRM is applied to protecting that software, it is illegal to circumvent it, even in order to save lives. Here’s why that is not hyperbole:

“Because of the DMCA, as much as 40% of the computer code in [critical] medical devices remains untested for safety by independent security experts. I am confident that I would find serious flaws in some or all of these devices if the DMCA did not prevent my research. Because of this lack of safety research, as a type 1 diabetic, I feel that using an insulin pump is too unsafe, and I instead self-inject with needles many times daily. I am not alone in this safety assessment: other diabetic security researchers behave similarly.”

As that analysis by a security research professional points out, thanks to the DMCA’s ban on circumventing DRM, it is impossible to look at the code in insulin pumps, artificial organs, birth control implants, kidney dialysis machines and morphine infusion pumps that collectively keep millions of people alive. There is thus no way of checking whether such systems have bugs that could lead to injury or death, either through accidental malfunction or because of malicious interference. One person taking the latter threat very seriously is former US Vice-President Dick Cheney, whose heart defibrillator was modified to prevent external access. DRM can indeed kill, although probably not when used on Web pages. But even there it is undeniably harmful, as Berners-Lee recognizes:

“Since EME directly interacts with CDMs [Content Decryption Modules – the DRM “bullets” for EME’s “gun”], it may appear that the W3C specification sanctions the notion that research into EME may be deemed “circumvention” under copyright anti-circumvention laws.”

Cory Doctorow explains how top researchers, digital rights activists and well-known tech organizations all suggested ways of addressing that serious issue, but copyright companies refused to allow even the narrowest protection to researchers. Instead, this is what the W3C came up with:

“We also recommend that such [organizations involved in DRM and EME implementations] not use the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA) and similar laws around the world to prevent security and privacy research on the specification or on implementations.”

A “recommendation” – a pious hope – with no obligation, is worthless in terms of shielding researchers. They will naturally want to avoid the risk of prosecution, and so EME code will remain unchecked by them, making it likely that bugs will not be spotted. Thus, contrary to Berners-Lee’s claim that the new DRM in HTML approach will bring with it better security – one of his primary justifications for EME – it will in fact mean that there are unsuspected, possibly serious vulnerabilities.

And yet even the problems caused by anti-circumvention laws are dwarfed by the central threat of the new EME approach: that once a precedent has been set by introducing it for video, it will then be extended to other media. Berners-Lee himself admits this is a risk:

“For books, yes this could be a problem, because there have been a large number of closed non-web devices which people are used to, and for which the publishers are used to using DRM. For many the physical devices have been replaced by apps, including DRM, on general purpose devices like closed phones or open computers. We can hope that the industry, in moving to a web model, will also give up DRM, but it isn’t clear.”

Even that downplays the full catalog of horrors we could face once DRM has been definitively blessed and normalized by the W3C as an official part of HTML (the Free Software Foundation points out that there is still a tiny chance it could be stopped). Some years back, the EFF spelt out what EME could lead to:

“A Web where you cannot cut and paste text; where your browser can’t “Save As…” an image; where the “allowed” uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively “View Source” on some sites, is a very different Web from the one we have today.”

It is simply tragic that the man who created the World Wide Web, and then, in an act of great generosity, released it freely to the world, should acquiesce in this terrible mistake that will destroy a key aspect of his gift: its openness.

Featured image by Nino Barbieri.

The post Encrypted Media Extensions: Copyright, DRM and the end of the open Web appeared first on Privacy Online News.

July 9, 2017 at 05:25PM
via Privacy Online News http://ift.tt/2uZ3ffa

Canadian Supreme Court decision forces Google to participate in censorship by removing search results worldwide

By Caleb Chen

A recent decision by the Canadian Supreme Court will force Google to remove a particular site from search results all around the world, not just in Canada. While Canada has committed to upholding net neutrality and treating all data traffic the same, it has definitely also taken a hard stance on how it wishes to treat search results. The Canadian Supreme Court ruled 7-2 to uphold an order to force Google to de-index and de-list an entire domain from its search results all over the world. The recent court decision strikes down Google’s appeal to that decision. The EFF in America tried to intervene in the case, telling the Canadian courts that the injunction ran contrary to American law. Despite that, the Supreme Court defended its decision:

“This is not an order to remove speech that, on its face, engages freedom of expression values, it is an order to de-index websites that are in violation of several court orders. We have not, to date, accepted that freedom of expression requires the facilitation of the unlawful sale of goods.”

Canada enforces censorship worldwide

David Christopher, a spokesperson for the Open Media Group, explained that the Canadian Supreme Court decision potentially opens a Pandora’s box of censorship all around the world:

“There is great risk that governments and commercial entities will see this ruling as justifying censorship requests that could result in perfectly legal and legitimate content disappearing off the web because of a court order in the opposite corner of the globe.”

Even if this particular site violated Canadian law and is rightfully delisted within its jurisdiction, being able to extend Canadian law onto the global internet is a huge stretch and sets us on a very slippery slope. What if a country like Iran decides to force Google to block things that are expressly illegal in Iran but completely legal most everywhere else around the world? In fact, this particular case, involving copyright infringement, was very likely cherry picked to provide the least amount of public resistance. The fact of the matter remains: An international legal censorship precedent has been set. Dina PoKempner of the Human Rights Watch also commented:

“The court presumed no one could object to delisting someone it considered an intellectual property violator. But other countries may soon follow this example, in ways that more obviously force Google to become the world’s censor. If every country tries to enforce its own idea of what is proper to put on the Internet globally, we will soon have a race to the bottom where human rights will be the loser.”

Google responded:

“We are carefully reviewing the court’s findings and evaluating our next steps.”

The post Canadian Supreme Court decision forces Google to participate in censorship by removing search results worldwide appeared first on Privacy Online News.

June 29, 2017 at 01:56PM
via Privacy Online News http://ift.tt/2sqjiRr

Bag searches at borders reveal more than ornamental nipple clamps

By Simon Davies

Bag searches at the border are becoming a privacy issue. Simon Davies explains why we need to put our foot down on zealous security officials. 

The online world is replete with embarrassing tales of air travellers who have suffered the indignity of having the intimate contents of their luggage aired in public by zealous security officials. I’ve seen more and more of these accounts lately, often involving the waving around of everything from kinky underwear to jumbo condom packets.

I can empathise, though on this occasion I’d like to focus on the rarely discussed aspect of international rail travel.

Some time ago, I travelled by train from Hamburg to Copenhagen. It’s normally a peaceful journey, stopping along the way to board the ferry between the towns of Puttgarden (on the German side) and Rodby (on the Denmark side).

On this occasion the trip was not so convivial. Thanks to various reactionary government edicts, border controls throughout this European region – and almost everywhere else – have been ramped up (though there is, as some reports describe it, a glimmer of hope that the EU borders are being relaxed in places).

Three border officials approached me en masse and politely requested to search my bags. Well, they asked as politely as border officials are pathologically able to ask.

As seasoned travellers will know, I use the word “requested” with a tinge of irony. Refusing search requests at a border would probably result in me being escorted to the next train back to Germany. Cancellation of your privacy and fourth amendment rights is not confined to airports.

It turned out that “probable cause” and “reasonable suspicion” are not legal terms in the vocabulary of most officials. I reluctantly consented, under protest.

I’ll hand them something; they were meticulous. Meticulous to the point of obsession. In hindsight, when they asked if I had any drugs on me I shouldn’t have responded “No, but I know a guy who does if you really want some”. You can’t get away with joviality at the border, even on a train.

The search began in earnest and I started to worry whether I might have something “of interest”, or even slightly humiliating. After a few weeks of travel you collect a lot of random stuff. You know, some prankster friend hilariously gives you a pair of ornamental nipple clamps after a long night on the booze. That sort of thing. I got to thinking of that iconic search scene in Austin Powers. The one with the Swedish penis enlarger pump.

Sydney Airport media demonstration of new carry-on baggage restrictions and security check-in measures for international passengers. A security officer examines a woman’s carry-on containers. All containers must now be 100 millilitres or less and sealed in a clear plastic bag. (Airport staff posing as passengers.) SMH NEWS PIC BY LEE BESFORD. Thursday 29th March 2007.

On a more serious note, did I pack those conference papers on terrorist networking? Or that academic report on radicalism? Shades of the McCarthyism era sprang to mind.

They started by holding aloft a roll of toilet paper from my backpack.

OK, let me be clear here. There are some items that the long-haul traveller packs as a matter of necessity. Toilet paper is one such item.

I polled a number of colleagues on this point, and our list of essentials and emergency items eerily converged. We all travel for long periods and have independently gained a common understanding of such matters. For the record, here is the list:

Passport, umbrella, grocery bags, power adapter, ethernet cable, toilet roll and basic toiletries, combined bottle opener and cork screw, pen and paper, aspirin, water bottle, ingredients for making tea or coffee, plasters, spare shoe laces, reading material, rubber bands, snacks, cash, dental floss and ear plugs.

Beyond that list, almost everything is suspect – but also toilet roll, apparently.

“Why do you carry this?” enquired one of the sanitary investigation officials in a voice that may or may not have been loud enough to be overheard in Romania.

There really is no easy answer to that line of questioning, so I resorted to shrugging my shoulders rather than doing a mime act on my behind. This did provide some amusement to fellow travellers, some of whom had abandoned their crossword puzzles and MP3 players to observe the scene.

Another official found a small hand carved wooden duck which was given to me as a gift by a conference in Norway. I had completely forgotten about that duck.

It was a beautiful duck, doubtless carved by rustic artists from an ancient Spruce tree on the shores of a remote exotic fjord. Someone had gone to the trouble of daubing it with art-nouveau yellow and blue circles, just like ducks aren’t.

The officials were intrigued. “What is this?” one asked, slowly turning it around like an antiques expert. Fellow passengers also seemed curious to know. After all, they had become part of this show.

They prodded that duck. They held it to the light, shook it, tapped it and meddled with its bits. “Are there drugs in here?”

I explained that it was just a duck. I then went on to show them the relevant conference programme and my talk on jurisdictional conflicts arising from the General Data Protection Regulation. You would think that investigatory people would have an opinion on that subject, but apparently not. They don’t make border officials like they used to.

After the duck controversy had been resolved, they discovered a bag of electrical peripherals – or “wiring”, as they described it. That is, three mobile phone chargers, the essential ethernet cable, a micro USB cable, remote drive, batteries and sundry other items necessary for the digitally connected traveller.

Thankfully there was enough sense among the posse to move on from an interrogation about explosives equipment.

This search went on for a further few minutes until the bags were exhausted of opportunity. What slightly annoyed me was that they didn’t even find the bag of sugar that I carry with me. They did, however, enjoy going through my documents and correspondence and loudly enquiring about particular aspects, such as a trip to Moscow and personal correspondence with a former UK Home Secretary. There is no requirement to log such observations.

The point of this diatribe is that border people need to learn some respect for people’s dignity and privacy. Codes of conduct that currently exist for pat-downs should be extended to bag searches to provide some assurance of personal rights. This applies in particular to searches on trains and buses, where the proximity of other travellers is intimate and close.

The UK government, as an example, employs a standard that requires bags to be checked in front of the traveller, but offers no guidance on how those items are checked. Nor does it offer advice on how officials should avoid humiliating searches. The codes of Canada and Australia are similarly vacant.

Yes, I understand that in the big scheme of things in privacy – or even in border privacy – this aspect might seem trivial, but it is often those more arcane elements of privacy that end up setting a broader standard for us all.

June 25, 2017 at 08:52PM
via The Privacy Surgeon http://ift.tt/2te7TIo

Australia wants to be able to read your encrypted messages

By Caleb Chen

Australia’s Attorney General Senator Brandis announced over the weekend that he would be leading the discussion on squeezing tech firms and forcing them to put encryption backdoors in secure messaging apps at the next annual meeting of public security ministers and attorneys general from the Five Eyes countries (United States, Canada, United Kingdom, New Zealand, and Australia). Brandis announced his plan to seek greater power over encrypted messaging and the tech firms that provide it in a joint statement:

“I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption. These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies.”

It is still entirely unclear how these politicians would propose forcing tech firms to be able to decrypt messages without a backdoor – but it is clear that they will be discussing it in earnest at the upcoming closed door meeting of these five countries’ security arms.

Australia to push tech companies for a way to read encrypted messages, continues to deny that such a thing is a backdoor

Beyond the conundrum of how to technically provide a way to decrypt encrypted messages without an encryption backdoor… What about citizens’ right to privacy? Earlier this month, as Australia’s plans to talk about encrypted messaging at the upcoming Five Eyes meeting were first being unveiled, Australia’s cyber security special advisor, Alastair MacGibbon, tried to justify the move by saying that:

“From time to time we do expect our privacy to be breached. From time to time you would expect a law enforcement agency to break into a private communication online.”

That is to say – the government is still actively trying to peddle the poisonous idea that privacy is not an absolute thing. Brandis will likely find an ally in the United Kingdom, where Theresa May has called for censorship and encryption backdoors of their own. Russia is even attempting to ban Telegram, their homegrown encrypted messaging app. In sharp contrast, politicians in Europe have been calling for “state-of-the-art,” end-to-end encryption and a clear lack of backdoors.

The post Australia wants to be able to read your encrypted messages appeared first on Privacy Online News.

June 26, 2017 at 02:50PM
via Privacy Online News http://ift.tt/2u8qjYg

Private Internet Access shines the cat signal for net neutrality

By Caleb Chen

Today, Private Internet Access is shining the cat signal with a full page ad in the New York Times to gain support for the Net Neutrality Day of Action that Fight for the Future and other organizations are planning at Battle for the Net.

We, the people of the Internet, have stopped these draconian attempts to close our access to the open internet in the past, and we must do so again each time. Join us at the Internet Defense League for this and future actions.

Cat Signal shines in the New York Times

The post Private Internet Access shines the cat signal for net neutrality appeared first on Privacy Online News.

June 25, 2017 at 02:02AM
via Privacy Online News http://ift.tt/2u23PrU