Presentation is loading. Please wait.

Presentation is loading. Please wait.

Types of Surveillance Technology Currently Used by Governments and Corporations Jeffrey Aresty President, Internetbar.org www.internetbar.org www.cyberspaceattorney.com.

Similar presentations


Presentation on theme: "Types of Surveillance Technology Currently Used by Governments and Corporations Jeffrey Aresty President, Internetbar.org www.internetbar.org www.cyberspaceattorney.com."— Presentation transcript:

1 Types of Surveillance Technology Currently Used by Governments and Corporations Jeffrey Aresty President, Internetbar.org March 2006

2 2 Introduction At present, users obtain various online identities (“IDs”) from ISPs URLs IDs function on the Internet in anonymous space—an online “ID” does not actually identify the person connected with the ID Anonymity facilitates theft, fraud, and abuse

3 3 Introduction In contrast, in the works are efforts to create a new layer of identity Focusing on the user, the new system would not require multiple online IDs, but would be characterized by a single sign-on The system, called an “open security,” would be more secure and trustworthy, reducing theft, fraud, and abuse

4 4 Introduction In part because we do not yet have security on line, governments and corporations can, and do, breach privacy with technology Intrusions fall into two categories Cyberspace intrusions Breaches of privacy in the physical world Increasing capacity and tendency to use technology to connect new and old technologies for surveillance

5 5 Real-World Technologies that Intrude on Privacy Cameras Eavesdropping Face-Recognition and other Biometrics “No Fly” and Similar Watch Lists Odor Prints Radiation Detection Technology RFID Smart Video Surveillance

6 6 Cameras Cameras have been used for decades by governments to monitor traffic to detect and prevent crime by corporations to surveill private businesses to detect and prevent crime in retail establishments

7 7 Cameras In Britain, more than four million closed-circuit (“CCTV”) cameras 1,800 cameras in railway stations; 6,000 in underground train network and buses CCTV tapes used in July 2005 London bombings investigation In US, 5,000 cameras in New York City’s transportation systems US Border Patrol uses Remote Video System (“RVS”) along borders, costing over $64 million in FY2005 Worldwide, video surveillance software sales in 2004 were $147 million; expected to reach $642 million in 2009

8 8 Eavesdropping US government has capacity and authority to monitor , telephone, pager, wireless phone, facsimile, computer, and other electronic communications and communication devices Court order is required except in emergencies and cases of national security In 2003, 1,442 wiretaps requested, all granted, intercepting over four million conversations

9 9 Eavesdropping National Security Agency (“NSA”) uses “Echelon”— global electronic eavesdropping system Picks up telephone, , Internet upload Downloads communications transmitted by satellite, microwave tower, cable Information sifted by supercomputers for terrorism information Software-defined radio, a wireless technology, makes cell phones and computers easier to bug and m akes intercepting device compatible with networks

10 10 Face-Recognition and other Biometrics Biometric devices scan, record, and recognize Irises Voices Facial bone structure Improved picture quality technology enables face-recognition software to inspect 1/400th of face—size of pores Infrared technology piggybacked onto face-recognition software enables three-dimensional “map” of face Plans for US passports with face-recognition biometrics and RFID chips EU requires member states to have face biometrics in passports in mid-2006

11 11 Face-Recognition and other Biometrics In 2003, biometric face-recognition software resulted in over 40% false positives $4.7 billion industry in 2009 Other biometrics: below-skin fingerprints (capture swirling patterns of capillaries) palm scanners that read vein patterns iris scanners gait-recognition systems (measure torso’s silhouette and movement of shoulders and legs to determine individual signature strides)

12 12 “No Fly” and Similar Watch Lists In 2005, 12 separate lists maintained by nine US governmental agencies Confusion and lack of leadership in maintenance of lists; some lists outdated “List bloat”—lists become unreasonably large from incentive to add names, sloppiness Innocent individuals’ names appear

13 13 “No Fly” and Similar Watch Lists Access to the lists curtailed in the name of security—nearly impossible to discover if and why a name is on the list, much less have it removed Lists will connect with government-developed “Secure Flight” Related: British government pressing for creation of comprehensive electronic population register

14 14 Odor Prints Odor-printing technology is based on premise that each human being has distinct set of odors that could serve as an identifier

15 15 Radiation Detection Technology US Customs and Border Protection (“CBP”) employs radiation-detection technologies at official entry points, including Highly sensitive personal radiation detectors Radiation portal monitors Hand-held radiation isotope identifiers

16 16 Radio Frequency Identification (“RFID”) Tiny computer chips use electromagnetic energy in the form of radio waves to track things from a distance Nicknamed “spychips” Can travel through clothing, backpacks, briefcases, wallets, walls, and windows without obstruction, misorientation, or detection RFID chips read and retain biometric information, such as fingerprints and photographs

17 17 Radio Frequency Identification (“RFID”) The RFID tag, in use in 2005, contains Tiny silicon computer chip with unique ID number Connected antenna RFID tag is Thumbnail size Affixed to plastic surface Paper thin Can be embedded into clothing label, where it is virtually undetectable

18 18 Radio Frequency Identification (“RFID”) “Passive” RFID tags do not have their own internal power source, but communicate when a reader seeks a signal from them “Active” or self-powered RFID tags have a battery attached and so can actively transmit information RFID reader emits radio waves, seeking out RFID tags RFID easily integrates into existing database systems Electronic Product Code—every, single object on Earth will have its own unique ID number

19 19 Radio Frequency Identification (“RFID”) By 2005 embedded in some Worker uniforms Employee and student ID badges Toll transponders Animals (pets and livestock) Warehouse crates and pallets Gasoline cards Consumer products such as diapers and shampoo Library books Toll collection systems such as EZ-Pass Keyless remote systems for cars Keyless remote systems for garage door openers

20 20 Radio Frequency Identification (“RFID”) Predicted to be embedded soon in Clothing Passports ATM cards Vehicles US postage stamps Paintings Beads Nails Wires Cash

21 21 Radio Frequency Identification (“RFID”) “VeriChip”—glass capsule containing RFID device to be injected into human flesh for ID and payment purposes 60 persons in US had VeriChips at end of 2005 Also, injected into deceased victims of Hurricane Katrina RFID is predicted to be used by Retailers to price products according to customer’s purchase history and value to store Pharmaceutical manufacturers on prescription medications Banks to identify and profile customers who enter premises Governments to electronically frisk citizens at invisible checkpoints track citizens in airports and border-crossing points track mail sent from point to point through embedded postage stamps track library materials

22 22 Smart Video Surveillance Video surveillance combined with behavior- recognition software Uses computer to “Learn” what “normal” behavior is Identify unusual activity, such as shifting in one’s seat on a bus Work in conjunction with other technology such as facial-recognition systems

23 23 Privacy Intrusions in Cyberspace Clickstream Data Analysis Cookies Man-in-the-Middle Attacks Pharming Phishing Spyware Voice Over Internet Protocols (VoIPs) Web Bugs

24 24 Clickstream Data Analysis Logs of transactions recently performed on Internet computers, such as Addresses of computers that have made requests Date and time How computer’s services were used Which page was visited prior to entrance into Website How Website was exited Internet logs also called “Clickstreams” Can be used to prepare statistics about paths taken and not taken by Internet users

25 25 Cookies Small file placed and stored on user’s computer by remote computer Used to track information about how user moved about Website Which choices made Which links clicked User visits same Website again and cookie, now written onto user’s computer, provides information about user’s last visit Cookies can be used to build user profiles Internet sites share cookie information with others

26 26 Man-in-the-Middle Attacks Computer security breach in which hacker intercepts, reads, and alters data traveling along network between two Websites Also called “TCP hijacking”

27 27 Pharming Hacker’s redirection of Internet traffic from one Website to another Second Website appears identical to legitimate site User is tricked into entering user name and password into fake site “DNS poisoning” or “DNS cache poisoning” used to reroute user Domain name system’s servers corrupted

28 28 Phishing Internet user receives appearing to be legitimate and from reputable company, asking user to reply with updated credit card information Clicking on link sends user to fake Website, where user provides Credit card information Date of birth Address Site password Social Security number Also called “brand spoofing” “Puddle phishing” is phishing specifically targeting a small company, such as community bank

29 29 Spyware Software that sends data about user when computer is connected to the Internet

30 30 Voice Over Internet Protocols (VoIPs) Method for speaking through computer by phone or microphone Analog voice signal converts to digital format Broadband networks transmit calls in Internet Protocol (“IP”) packets Also called Internet telephony VoIP vulnerable to eavesdropping A free Internet program captures and converts transmissions to audio files

31 31 Voice Over Internet Protocols (VoIPs) Is VoIP a communications service or information service? In 2005, FCC adopted rules requiring VoIP providers to allow law enforcement to tap into Internet phone calls FBI has authority and ability to conduct surveillance of broadband users pursuant to court order

32 32 Web Bugs Tiny, invisible image or graphic embedded into HTML-formatted Website or message to track users’ activities Web bugs present as HTML IMG tags Provide Website owner with information about hits, including IP address of user’s computer Type of browser used Time of the hit Previously set cookies Also called “HTML bugs” or “clear GIFs”

33 33 Connectors of Information Automated Targeting System Automatic Number Plate Recognition System CALEA Petition for Rulemaking Data Mining ID Cards Integrated Automated Fingerprint Identification System Multistate Anti-Terrorism Information Exchange “Secure Flight” and other Targeting Systems Sharing/Databases Terrorist Screening Database of the Terrorist Screening Center Total Information Awareness US-VISIT

34 34 Automated Targeting System (“ATS”) US Customs and Border Protection technology collects and analyzes cargo shipping data Distinguishes and identifies high-risk shipments

35 35 Automatic Number Plate Recognition System (“ANPR”) Britain’s national database Each camera on a pole or in police van is supported by a computer Allows for automatic tracking Information obtained by camera immediately cross-referenced with database In 2006, information could be stored for two years; projected to be able to store for five years

36 36 CALEA Petition for Rulemaking In August 2005, FCC ruled that Internet broadband access providers and certain VoIP service providers must design networks to be wiretap-friendly pursuant to Communications Assistance for Law Enforcement Act (CALEA) of 1994

37 37 Data Mining Computer systems that search numerous databases for correlations between data Currently used by corporations to determine consumer preferences

38 38 ID Cards Biometric ID cards to be issued starting in 2008 to voluntary participants in Britain would become compulsory in 2013 Cards contain Name Gender Date and place of birth Current and previous addresses Immigration status Chip containing Digital photo Fingerprints Iris scans

39 39 Integrated Automated Fingerprint Identification System (“IAFIS”) System electronically compares live-scanned fingerprint with database of previously captured fingerprints

40 40 Multistate Anti-Terrorism Information Exchange (“MATRIX”) Integration of factual, disparate data from existing sources to Web- enabled storage systems to identify and combat criminal activity Includes Aircraft and other property ownership records Bankruptcy filings Corporate filings Criminal history records Digital photographs Driver’s and pilot’s licenses State professional licenses State sexual offenders lists Terrorism watch lists UCC filings Vehicle registrations

41 41 “Secure Flight” and other Targeting Systems Secure Flight passenger-screening program Computer-assisted passenger screening system that searches databases, matches passenger against FBI consolidated watch list, and rates passenger with a “threat level” in red, yellow, or green Based on tagging, passengers could be scrutinized, interrogated, or detained Might incorporate behavioral profiling Goal is to link in real time to video images—automatic link between video of terrorist suspect and watch list Not yet approved in mid-2005

42 42 “Secure Flight” and other Targeting Systems Border Patrol Targeting Systems Enhancement Over $20 million budgeted in US Department of Homeland Security in 2005 Seeks to develop and refine automated target recognition systems using latest sensor technology Semantic Information Fusion Seeks to correlate disparate data about human targets, including Location Identity Behavior Creates composite description of a particular situation Uses linguistic information and physics-based models of access, mobility, and visibility to reconstruct past and infer current events

43 43 Sharing/Databases Governments increasingly share citizens’ personal information with each other and with the private sector “Data... are tributaries flowing into one giant river of databases.” Lee Tien, Electronic Frontier Foundation (Aug. 8, 2005)

44 44 Terrorist Screening Database (“TSDB”) of the Terrorist Screening Center (“TSC”) Aggregates numerous government watch-lists In 2005, TSDB had over 200,000 names, ranging from known terrorists to persons suspected of having some ties to terrorism Each name receives one of 28 codes, describing person’s connection to terrorism Names are categorized according to the actions users should take when encountering someone on list

45 45 Total Information Awareness (“TIA”) Computer surveillance system proposed by Department of Defense Would have used data mining and networking to connect sources of information including Credit card purchases Bank transactions Shut down by Congress in 2003

46 46 US-VISIT Project of US Department of Homeland Security to develop biometric-enabled system for collecting, maintaining, and exchanging information on foreign nationals $340 million budgeted for FY2005

47 47 Conclusion Government and corporations are using many technologies for surveillance, invading privacy in cyberspace and in the real world Do citizens and consumers care? What can we do to protect our privacy and to manage our digital identities and digital reputations?

48 48 For more information Contact Jeffrey Aresty, President, Internetbar.org, Articles on privacy-invading technologies and public attitudes toward privacy invasions are available now Article on digital identity will be available soon


Download ppt "Types of Surveillance Technology Currently Used by Governments and Corporations Jeffrey Aresty President, Internetbar.org www.internetbar.org www.cyberspaceattorney.com."

Similar presentations


Ads by Google