Surveillance

Declan McCullagh of CNET has reported on a patent recently granted to the NSA that allows it to map where someone might be accessing the Internet from. The article describes the process this way:

"The NSA's patent relies on measuring the latency, meaning the time lag between computers exchanging data, of 'numerous' locations on the Internet and building a 'network latency topology map.' Then, at least in theory, the Internet address to be identified can be looked up on the map by measuring how long it takes known computers to connect to the unknown one."

It’s not really clear just how scary or helpful this tech is going to be. There are some limitations to the algorithm that the CNET article points out (dialup service users are tougher to find). In addition, other commercial companies are coming up with their own ideas for geo-location that they are selling to advertisers wanting to show geo-specific ads or credit card companies wanting another weapon in the fight against online shopping fraud.

What’s notable is:

1) that it is the National Security Agency that applied for the patent – since they don’t post that many ads online, we can only imagine what purpose the tech will be used for and

2) that a government agency is getting a patent at all. As Daniel Brookshier (A.K.A. Turbogeek) suggests in a post on p2pnet, the government shouldn’t be patenting any technology that tax dollars have funded.

The learning from all this for us average folks is that the business of tracking where we are continues to expand…

Just a little bit of paranoia thanks to the Electronic Frontier Foundation. In July, the group asked for help on a new project seeking to understand how color laser printers can be used to track us.

Last Fall, PC World reported that the US Secret Service had requested printer manufacturers to develop technology that could print the printer’s serial number and manufacturer’s name on each document so that it was an indiscernible marking. Several companies have apparently done just this.

Both printer manufacturers and the government have pursued the use of codes to help crack down on counterfeiters, but with the ACLU’s recent discovery that the FBI had amassed a file on their activities that is over 1,100 pages long, the EFF has suggested that information encoded on printouts of political pamphlets or protest letters could be used in an investigation.

In order to monitor the program, the EFF is asking anyone with legitimate access to a color printer to print out and send them a series of test sheets.

UPDATE: The EFF has cracked the code for Xerox DocuColor printer models. The information printed in a series of yellow dots tells the date and time a document was printed as well as the serial number of the computer.

Using the vaguely utopian name of “Fusion Centers”, the philosophical successor to MATRIX is gathering speed.

According to a report in the Washington Technology Week, “Fusion centers, which are collaborative efforts to combine and analyze anti-terrorism information from multiple sources, have becoming increasingly popular as part of homeland security.

A number of states, including Arizona, Colorado, Illinois, Kansas, Maryland, Massachusetts and New York, currently operate so-called fusion centers, and many more states, such as Missouri, are considering doing so.”

Recently, the Department of Justice issued a report to help states create centers and coordinate their activities. Although the report contains many suggestions on protection of privacy and civil liberties, the “Fusion Center Guidelines also suggests that the centers use a broad variety of databases. Info sources include drivers’ licenses, motor vehicle registrations, criminal justice and corrections sources, as well as unnamed “public and private” databases.

A recent piece in Wired points us to the TSA’s page on how to obtain clearance status if you suspect your name appears on the No Fly List.

(also posted in Lists, Lists, Lists)

What you ship to people via FedEx is being tracked. This is hardly news. FedEx makes a big deal of how you can follow a shipment via their website by typing in a package’s tracking number.

In today’s world of technology mission creep, however, all of the information collected by FedEx is now being used as a tool to fight terrorism.

Robert Block of the Wall Street Journal reports that if you send a package overseas, customs inspectors can look at your data in FedEx’s customer database and cross reference it with their own lists.

FedEx has also trained its 250,000 employees – including the drivers who walk into countless offices and homes - to watch out for suspicious shipments and report them to the Department of Homeland Security via their own version of a hotline.

And finally, when you sign the waiver to ship a package you also consent to having the packages inspected – without a warrant.

The civil liberties and privacy implications of making the contents and history of what you ship available to a government that is supposed not to repurpose data collected on its citizens doesn't impress FedEx’s CEO.

If you think there is an issue here, send your shipments with UPS – which at this point states that it does not share information except under court order.

Various committees in Congress are marking up the new Patriot Bill. There appears to be a little more debate about its powers than happened last time, but early signs of what Congress is doing are concerning.

One Senate committee approved a provision to allow the FBI to issue search orders without prior judicial approval and to seize personal records from medical facilities, libraries, hotels, gun dealers, banks and other businesses without any specific suspicion of criminal activity, or any specific facts connecting the records sought to an agent of a foreign government.

And they did it behind closed doors…in response, the ACLU has started a campaign to pressure our legislators to open the doors and let us into the discussion.

They’ve also created a handy little quiz to help you determine if you might be someone the FBI could decide to keep a file on.

Last September, I wrote a slightly tongue-in-cheek post comparing the number of wiretaps ordered by the US government, which bugs about .001% of the population, with a report on the level of activity from the South Korean government, which tapped about .002% of their citizens.

An article in the March 5th edition of The Economist suggests that, in fact, the nosy US and South Korean officials are mere dilettantes. It seems an Italian mobile-phone operator has recently informed the Italian government that it couldn’t meet the demand for phone taps from law enforcement and the courts. Given that the company had set aside 5,000 duplicate lines just for this purpose, their statement is quite extraordinary. Indeed, based on the number of customers at this company and all the other Italian phone companies, the article’s author estimated that around 15,000 Italians (or more than 2.5% of the country’s population) might be bugged at any given time.

The Italian justice minister confirms that the number of wiretaps in his country is “far higher than for any other European country.” Far higher than a couple of other countries I can think of too…

Fans of the Wachowski brothers futuristic movie series must have hated it. But now its over. On April 15th, the Multistate Anti-Terrorism Information Exchange (MATRIX) project, a controversial effort to data mine information on citizens across the country, ran out of money.

Combining data from a host of sources (including driver’s license records, property records, professional licenses, corporation filings), MATRIX offered a comprehensive directory of US citizens that law enforcement could search in a matter of seconds. A police officer could input a partial license plate and instantly get a list of all license plates that might match, as well as full information on each vehicle’s owner.

During the project’s 2 years, all but four states (Connecticut, Florida, Ohio, and Pennsylvania) dropped out after finding that adequate safeguards to protect the privacy and civil liberties of ordinary citizens were missing. The fears might not have been misplaced. The company that built the database and accompanying analysis software was Seisint, run by an alleged former drug smuggler and recently implicated in the data breach that exposed personal information on almost 300,000 people.

While providing more effective tools to law enforcement can be considered a good thing, the problems with the program induced the Justice Department and Department of Homeland Security not to renew funding, and the project in its current form has been shut down.

As with other controversial data mining projects, however, MATRIX is not going to go away altogether. The State of Florida is currently negotiating with Boca Raton-based Seisint to continue to use it.