Tag Archives: Surveillance

FBI Conducted Millions of Searches of Americans’ Electronic Data in 2021 without a Warrant

Cristina Laila
Published April 29, 2022

The FBI conducted millions of searches of Americans’ electronic data in 2021 without a warrant, according to a new report released by the Office of the Director of National Intelligence.

The FBI claims it conducted the searches as they sought to curb cyberattacks.

“In the first half of the year, there were a number of large batch queries related to attempts to compromise U.S. critical infrastructure by foreign cyber actors,” according to the report, Bloomberg reported. “These queries, which included approximately 1.9 million query terms related to potential victims — including U.S. persons — accounted for the vast majority of the increase in U.S. person queries conducted by FBI over the prior year.”

The ACLU called the FBI’s warrantless spying an invasion of privacy ‘on an enormous scale.’

Bloomberg reported:

The FBI searched emails, texts and other electronic communications of as many as 3.4 million U.S. residents without a warrant over a year, the nation’s top spy chief said in a report.

The “queries” were made between December 2020 and November 2021 by Federal Bureau of Investigation personnel as they looked for signs of threats and terrorists within electronic data legally collected under the Foreign Intelligence Surveillance Act, according to an annual transparency report issued Friday by the Office of the Director of National Intelligence.

The authority the FBI used in this case was under Section 702 of FISA, which is set to expire at the end of next year unless it’s renewed by Congress.

The report doesn’t say the activity was illegal or even wrong. But the revelation could renew congressional and public debates over the power U.S. agencies have to collect and review intelligence information, especially data concerning individuals. In comparison, fewer than 1.3 million queries involving Americans’ data were conducted between December 2019 and November 2020, according to the 38-page report.

The report sought to provide a justification for the increase in queries during the last year.

The FBI Boosts Its Social Media Surveillance Technology

By Didi Rankovic

Both US law enforcement and Babel Street CEO Jeffrey Chapman seem to like to keep it in the family: Chapman is a former Treasury Department official and a former intelligence officer, whose data mining “AI” company will now furnish the FBI with 5,000 licenses for one of its tools.

The contract is worth up to $27 million.

The licenses, to be provided by Panamerica Computers IT vendor, give the FBI – specifically its Strategic Technology Unit of Directorate of Intelligence – the right to use a data analytics tool called Babel X, which harvests user data, including location, from the internet.

This Directorate is supposed to collect data that’s publicly available online.

When the FBI issued a procurement call for a tool, whose purpose, boiled down, is to track a massive number of social media posts, the agency said that it must provide capability of searching multiple social media sites, in multiple languages.

As per FBI’s procurement documents, the tool had to be able to scrape data from Twitter, Facebook, Instagram, YouTube, LinkedIn, Deep/Dark Web, VK, and Telegram, while being able to do the same with Snapchat, TikTok. Reddit, 8Kun, Gab, Parler, ask.fm, Weibo, and Discord would be considered a plus, FedScoop said.

In addition, the FBI said it would prefer more “fringe” as well as encrypted messaging platforms to be included in the winning bid. Another requirement was for the tool to carry out surveillance of these sites continuously, while the data collected would be held by the vendor and then pushed to the FBI.

Back in 2020, reports said that Babel X was selling a platform called Locate X to a number of law enforcement agencies: Homeland Security, the Department of Defense, and the Secret Service, and that the data broker’s tool was capable of collecting real-time location data from a huge number of users.

Locate X was taking location data anonymously from well-known phone apps that incorporate mapping or targeted ads, and is used for dragnet surveillance via the digital fence method.

Sourced from Reclaim the Net via Truth Unmuted

Fusion Centers Target The Homeless, Substance Abusers, Protesters And More

A damning report on the Maine Information Analysis Center (MIAC), or fusion center, reveals just how intertwined corporate and government surveillance of the public has become.

Fusion centers are notoriously secretive about public surveillance and what little we know can be summed up thusly:

“official secrecy, moreover, cloaks fusion centers, so what little public information is available on a particular fusion center rarely provides much detail on its unique profile.”

The MIAC Shadow Report reveals how law enforcement goes out of their way to hide who’s actually in charge of public surveillance, and it is pre-occupied with people committing conventional crimes.

The report begins by revealing what many of us already knew or suspected: fusion centers have been and continue to surveil protesters and activists.

“Fusion centers are the nerve system of mass criminalization” the report warns. A major concern of the authors is how fusion centers use private corporations to conduct secret facial recognition and social media surveillance of “people of interest” and warns that self-governing fusion centers are fraught with peril.

Despite there being a statewide ban of using facial recognition to ID innocent people in Maine there is evidence MIAC uses data brokers to do an end-run around privacy bans.

“This legislation bans the use of the technology in most areas of government and strictly limits its use by law enforcement.9 In our review of BlueLeaks documents, we found documents that raise questions about the MIAC’s use of private data brokers and ability to analyze cell phone data. These systems, like the recently regulated facial recognition technology, also pose existential threats to privacy and other basic rights.”

The report also found that fusion centers are being used to surveil the homeless, including people with mental illnesses and substance abuse.

It appears that the majority of what fusion centers do is ID “suspicious people, people of interest, suspects, missing persons, and wanted people.”

“The majority of MIAC documents concern the sharing of criminal information. Two-thirds of the BlueLeaks documents definitely shared by the MIAC—939 of 1,382—are (1) requests to identify a suspect or a wanted person, locate a person of interest or missing person, or provide information about possible crimes or suspicious circumstances or (2) bulletins and reports on specific incidents, cases, or individuals considered relevant to law enforcement but not directly connected to a criminal investigation by a police agency in Maine.”

Supermarkets, gas stations, utility companies, universities and hospitals receive daily “civil unrest” bulletins

The report reveals that fusion centers send daily intelligence (civil unrest) reports to 4,526 registered users in Maine. The reports focus on protests and political violence, lumping together subjects like “civil unrest,” “extremism,” and “terrorism.”

“This expansive list includes law enforcement officers and intelligence officials from across Maine, the New England Region, and across the country. It extends beyond law enforcement and intelligence to other government officials such as Department of Motor Vehicles personnel and school superintendents. The MIAC’s reach extends outside of the public sector. Many large corporations receive MIAC products, including Avangrid, Hannaford’s, ExxonMobile, and Bath Iron Works. Civil society organizations and nonprofits are also involved, such as universities, hospitals, and even special interest groups. The president of the Maine Chamber of Commerce, for example, is a registered user of the MIAC but, in contrast, there are no representatives from organized labor listed.”

The report also revealed that fusion centers are monitoring people who commit property crimes or shoplifting and sends daily reports to businesses.

“Private firms also access documents. The most prolific private sector reader of MIAC reports is the Auburn Mall. Auburn, along with neighboring Lewiston, are the twin cities of Maine. They are post-industrial mill towns, which have not yet been gentrified. They contain the four highest poverty census tracts in the state. The opioid epidemic has devastated this region. Mall security at the Auburn Mall mostly reads documents on persons who have been arrested for opioid use and shoplifting.”

The Maine Beacon warns that “counterterrorism has morphed into supercharged policing of drug, and property crimes,” and says “This is public-private surveillance.”

How easy is it for police officers to use fusion centers to secretly collect information on an innocent person?

MIAC, like fusion centers everywhere “can acquire and retain information that is unrelated to a specific criminal or public safety threat, as long as it determines that such information is useful.” As the report states, “the policy provides no definitions or standards for determining when information is useful in the administration of public safety.”

Let that sink in for a moment; fusion centers can basically spy on anyone, even if they are not a “public safety threat” as long as a police officer determines that the information they collect on a person is useful!

The report also revealed that fusion centers are “acquiring, retaining and sharing information about individuals and organizations based solely on their religious, political, or social views or activities.”

Fusion centers commonly send “situational awareness bulletins” to police departments about a person’s mental illness, saying these types of disclosures are common.

The report also reveals how police departments and the Rand Corporation create “strategic subject and HEAT lists” of anyone police think could commit a future crime[s].

Fusion Centers use TransUnion to secretly monitor people’s social media

“Documents received in response to FOAA requests provide evidence that the MIAC currently uses commercial databases as part of its investigations. For example, one heavily redacted record shows a TransUnion report on a redacted individual, which provides information on jobs, emails, usernames, aliases, and numerous social media profiles and internet sites.118 Another document traces a case that begins with a citizen report of “violent politically motivated rhetoric on Facebook” and leads immediately to a request to “begin to look into this individual” by a MIAC staffer. A case number and record are then created, and multiple reports are completed, including a “TLO (Comprehensive and Social Media)” report.”

The report proves that fusion centers are using data brokers to routinely collect highly sensitive personal information on people without a warrant.

“The TLO document also contains the report itself, which includes information on bankruptcies, liens, properties, corporate affiliations, and other information which is fully redacted and cannot be identified.”

“MIAC routinely monitors social media accounts and/or conducts background checks on individuals associated with lawful public protests, frequently citing a pretextual criminal offense (subjects may litter during the protest, for example) to justify the collection. MIAC then retains all the data collected even after finding no indication of a threat, hazard, or criminal activity.”

Last week The Intercept reported that the state of New York wants to spend millions to create a statewide fusion center-run social media surveillance network.

“New York’s governor, Kathy Hochul, unveiled details of her own policing initiatives to crack down on gun crime — but hardly anyone seemed to notice. Embedded within the dozen bills and hundreds of line items that make up her plan for next year’s state budget, Hochul’s administration has proposed tens of millions of dollars and several new initiatives to expand state policing and investigative power, including agencies’ ability to surveil New Yorkers and gather intelligence on people not yet suspected of breaking the law.”

According to the MIAC report, fusion centers can use a “possible threat, crime analysis” or essentially any reason to justify spying on a person’s social media accounts. Using fusion centers to ID and surveil homeless people and juveniles is horrifying, as “we do not know what happens to these individuals when they become subjects of the MIAC intelligence reports.”

As is typical of fusion center research, searching for “fusion centers and crime analysis” returned vague results, as evidenced by this gem from DHS’s Fusion Center Fact Sheet: “Fusion centers conduct analysis and facilitate information sharing, assisting law enforcement and homeland security partners in preventing, protecting against, and responding to crime and terrorism.”

The closest and most disturbing definition of ”fusion centers and crime analysis” can be found in the Bureau of Justices “Fusion Center Guidelines: Developing and Sharing Information and Intelligence in a New Era” report.

“The goal is to rapidly identify emerging threats; support multidisciplinary, proactive, and community-focused problem-solving activities; support predictive analysis capabilities; and improve the delivery of emergency and nonemergency services.” (page 13.)

What does that mean? It means fusion centers are guessing or predicting that someone could be a threat to the homeland or one of a possible 23 different types of violent extremists.

There is a disturbing link between fusion centers and mass incarceration.

“In addition to the previously discussed role of the MIAC in monitoring racial justice protests and the over-policing of the crimes of poverty, the MIAC records published with BlueLeaks include documents produced by the MIAC and ‘passed through’ from other agencies that concern unhoused people, undocumented people, and youths running away from home or the juvenile justice system.”

It is not hard to see how a person of color, a homeless person or a substance abuser could receive a harsher sentence simply because a fusion center has a secret file on them.

Now is the time to press our leaders and politicians to put an end to fusion centers, the need to keep them going has long since passed. (Twenty-one years and counting since 9/11.)

Allowing 79 fusion centers to use corporations and data brokers to collect massive amounts of personal information on anyone for any reason has and will continue to come at a high cost to our freedom.

Source: MassPrivateI Blog

UK Government Greases Skids For Fleets Of Surveillance Drones Over Cities

By Paul Joseph Watson

In what appears to be a cynical PR stunt, the UK government is considering plans to allow women who feel threatened on the street to call upon surveillance drones that would arrive in minutes and shine a bright light on any potential attacker.

What could possibly go wrong?

“Women in fear of an attack will be able to use a phone app to summon a drone, which could arrive within minutes armed with a powerful spotlight and thermal cameras to frighten off any potential assailant,” reports the Telegraph.

Trials will take place on campus at Nottingham University at a cost of £500,000 during which the tech will be used to “protect students and staff.”

The scheme will be submitted to the UK government’s Innovate research program, and could eventually see helicopters being replaced by drones as a front line tool of law enforcement.

“It is a high capability drone that costs just £100 an hour but can do 80 percent of what a police helicopter can do,” said Richard Gill, the founder of Drone Defence.

“It cannot do high speed pursuits but it can do the other tasks such as searching for people and ground surveillance.”

Gill noted that 25 drones could do the job of one police helicopter in London for the same price, with the drones being housed at five base locations across the city.

The idea of countless government drones whizzing around a city keeping tabs on people is garishly dystopian.

Allowing individuals to access the drones would also be completely open to abuse and misuse.

Innumerable people would make a mockery of the system by constantly calling upon the drones to harass random people or use the drones for target practice.

A far more effective means of preventing such attacks would be to allow women to be armed with pepper spray, but current law in the UK makes that illegal.

Changing the law would give women the power to defend themselves while avoiding the dystopian nightmare that state surveillance drones would bring.

The idea of giving women who feel threatened the power to summon drones is patently a cynical PR stunt to acclimatize the public into accepting the general introduction of drones as a tool of mass surveillance.

Verizon Is Automatically Enrolling Customers into a New Program That Scans Users’ Browser Histories

By B.N. Frank
December 11th, 2021

Tech and telecom companies tend to sell products that are privacy-invasive (see 1, 2, 3, 4, 5).  Collecting personal data on customers can be very lucrative.  It allows companies to analyze the data and market additional products and services to customers.  They can also sell the data to 3rd parties.  This business practice is sometimes referred to as “Surveillance Capitalism.” As more customers are becoming aware of this, there is a growing demand to be able to “opt-out” of privacy-invasive programs.  However, Verizon isn’t going to make it so easy for theirs.

From Ars Technica:


Verizon overrides users’ opt-out preferences in push to collect browsing history

Verizon renamed scanning program and enrolled customers who previously opted out.

Verizon is automatically enrolling customers in a new version of a program that scans mobile users’ browser histories—even when those same users previously opted out of the program when it had a different name.

The carrier announced changes to its “Verizon Selects” program along with a new name a few days ago. “Verizon Custom Experience Plus is the new name of our Verizon Selects program,” Verizon said in an FAQ. Verizon is ignoring the previous opt-out preferences for at least some customers by enrolling them in “Custom Experience,” which collects browser and app-usage history but doesn’t use device location data and other personal information collected in “Custom Experience Plus.”

Verizon says it does not sell the information collected in either version of Custom Experience and that the program “no longer supports third party advertising.” But Verizon does share the data with “service providers who work for us” and says it uses the data to “personalize our communications with you, give you more relevant product and service recommendations, and develop plans, services, and offers that are more appealing to you. For example, if we think you like music, we could present you with a Verizon offer that includes music content or provide you with a choice related to a concert in our Verizon Up reward program.”

How to opt out (again)

Privacy-conscious users will likely want to opt out using the instructions provided by Verizon or in this article. To opt out, go to your Verizon account privacy preferences page. Scroll down a bit and you’ll see options to “Manage Settings” for both Custom Experience and Custom Experience Plus. You can also try this link to go directly to the Custom Experience settings, or you can select “Manage privacy settings” in the “My Verizon” mobile app.

In either the website or the mobile app, the options to manage settings will let you opt in to or out of the two versions of the Custom Experience program. You can also delete any browsing and location data history that Verizon previously collected by clicking “Reset.” Additionally, account owners can use the Verizon website to block Custom Experience enrollment for specific phone lines.

Verizon customers have good reason to be wary of the carrier’s privacy practices. The Federal Communications Commission last year found that “Verizon apparently disclosed its customers’ location information, without their consent, to a third party who was not authorized to receive it.” The commission proposed a fine of $48 million. In 2016, Verizon agreed to pay a $1.35 million fine for inserting “supercookie” identifiers into customers’ mobile Internet traffic without users’ knowledge or consent.

In 2017, then-President Donald Trump and the Republican-controlled Congress blocked implementation of FCC privacy rules that would have required home-Internet and mobile broadband providers to get consumers’ opt-in consent before using, sharing, or selling browser history, app usage history, and other private information.

Opted out? “You will still be included”

Verizon has been sending emails to customers notifying them about the program changes. There are different versions of the email, one of which states that Verizon is ignoring previous opt-out preferences in cases where people “recently opted out.” That email, which was forwarded to Ars by a Verizon customer named Jordan Hirsch, says:

As a Verizon Selects participant, you will automatically be included in the Custom Experience Plus and Custom Experience programs.

If you recently opted out of participating in Verizon Selects, you will still be included in the Custom Experience program unless you opt-out.

Hirsch also tweeted a screenshot of the email he received from Verizon. The Verizon email Hirsch received did not state a specific time frame for the “recently opted out” phrase. We contacted Verizon today and asked for that detail and asked why Verizon is enrolling people who previously opted out of the same program before the program’s name was changed. We’ll update this article if we get any answers.

The Verizon FAQ does not include the “recently opted out” language and instead makes it sound like all customers may be enrolled in Custom Experience (the non-Plus version) regardless of previous opt-out status:

You will be part of the Custom Experience program unless you opt-out. You can opt-out using the privacy preferences page on the My Verizon site or the privacy setting page within the My Verizon app.

You must opt-in to the Custom Experience Plus program to be a part of it unless you are already participating in Verizon Selects. Verizon Selects participants will automatically be included in the renamed program.

I am also a Verizon customer and got a notification email from the company today. Although I am 99.9 percent sure I opted out of Verizon Selects years ago, the email I received said, “You’re in control: You will be part of Custom Experience unless you opt-out.”

Browsing, location data, and call records

What information does the newly renamed program collect? Both versions of Custom Experience use “information about the websites you visit and the apps you use on your mobile device to help us determine your interests, such as ‘sports lover’ or ‘outdoor enthusiast,’” the Verizon FAQ says. “We use only the first part of the web addresses (URLs) you visit (the part that includes the top level domain and subdomain of the URL); we do not use information past the first ‘/’ or ‘?’ in the URL. For example, we would be able to infer you are interested in ‘news’ if you visit a news-related website, but we wouldn’t know what news article you read.”

Custom Experience Plus uses all of the above plus “Device location information we obtain from the Verizon network and from Verizon apps you have permitted to collect location for these purposes; Information about your Verizon FiOS services; and Customer Proprietary Network Information (CPNI), including information about the phone numbers you call or that call you and the times you receive these calls. It also includes information about the quantity, type, destination, location, and amount of use of your Verizon telecommunications and interconnected Voice over Internet Protocol (VoIP) services and related billing information.”

Although general call data is collected, “The programs do not use what you or others say during calls or the content of your emails or texts with other people,” Verizon says. “Custom Experience Plus does use call detail records including the phone numbers you call and those that call you, and the times and durations of the calls.”

Verizon says it tries to avoid collecting sensitive browsing and location information:

We make efforts to eliminate the use of websites that may be sensitive in nature; for example, we employ filters that are designed to exclude websites related to adult content, health conditions, sexual orientation, and others. We also make efforts to eliminate the use of location information about sensitive points of interest in these same areas.

The “make efforts” phrasing suggests that these filters will fail to prevent collection of sensitive data in some cases. Verizon also says that if you opt-in to Custom Experience Plus, you will automatically be included in Verizon’s Business and Marketing Insights program.

Verizon says it shares data collected in Custom Experience with service providers:

We do not share information that identifies you outside of Verizon as part of these programs other than with service providers who work for us. These service providers are required to use the information only for the purposes Verizon defines and not for their own or others’ marketing or advertising purposes. They are also required to protect the information. We do not sell information we use in these programs to others for them to use for their own advertising.

Verizon said it “keep[s] information about the websites you visit for no more than 6 months. We keep location and CPNI information we use for these programs for approximately one year. We regularly refresh the interest categories we develop as part of the Custom Experience programs (e.g., ‘coffee lover’ or ‘sports enthusiast’) and keep them as long as you are participating in the programs or until you reset your line.”

JUDGE RULES SPYING PROGRAM REVEALED BY SNOWDEN WAS ILLEGAL, USELESS AGAINST TERRORISTS

John Vibes, September 3rd 2020

This week, a federal appeals court ruled that the NSA’s controversial spying program was illegal – the same program Edward Snowden released details about to journalists in 2013. The landmark ruling even added that the spying program may have been unconstitutional.

The court’s ruling was written by Judge Marsha Berzon, who decided that the Foreign Intelligence Surveillance Act, or FISA, didn’t allow for the bulk collection of phone users’ call records, as the US government claimed at the time.

“The metadata collection exceeded the scope of Congress’s authorization,” she wrote in her ruling.

The main problem is that FISA did not allow for bulk collection, only targeted collection of known suspects. The law “required the government to make a showing of relevance to a particular authorized investigation before collecting the records,” according to Berzon.

Judge Berzon went on to say that there is no evidence that the spying program actually did anything to prevent a single case of terrorism, and that US officials misled the public about the program’s effectiveness.

“To the extent the public statements of government officials created a contrary impression, that impression is inconsistent with the contents of the classified record,” she wrote.

The NSA claims that they have since canceled the spying programs in question, but many privacy advocates suspect that they are still engaged in very similar activities, if not more invasive spying now that the technology has advanced.

On Wednesday, Edward Snowden posted about the ruling, saying that, “I never imagined that I would live to see our courts condemn the NSA’s activities as unlawful and in the same ruling credit me for exposing them. And yet that day has arrived.”

ACLU senior staff attorney Patrick Toomey called Wednesday’s ruling a victory for privacy rights.

“The decision also recognizes that when the government seeks to prosecute a person, it must give notice of the secret surveillance it used to gather its evidence. This protection is a vital one given the proliferation of novel spying tools the government uses today,” Toomey said, according to CNet.

It is not clear what implications this could have for Snowden’s criminal charges or his possible return to the US, but this certainly can’t hurt his case.

Snowden is still facing criminal charges under the Espionage Act. He is currently living in exile in Russia, where he got stuck and remained while attempting to evade US authorities after the now-infamous leak.

Last year, Snowden published an eye-opening memoir about his time in the intelligence community and his decision to tell the world about the massive surveillance state that had been created by the United States government. The book, called “Permanent Record,” quickly rose to the top of the charts as soon as it was released, but as expected, the United States government was not very happy that it was being published.

On the day that the book was released, the US government filed a lawsuit against Snowden, claiming that he violated non-disclosure agreements that he signed with both the CIA and NSA when he was employed with the agencies.

The information contained in the book must not be too sensitive at this point, because the lawsuit is not seeking to block publication of the book, but is looking to intercept all of the money that is made from the sales.

Mass-Tracking COVI-PASS Immunity Passports Slated to Roll Out in 15 Countries

Raul Diego,
June 29th, 2020

Through the magic of Internet meme culture, most Millennials will be familiar with the famous opening scene of the 1942 film, Casablanca, where two policemen stop a civilian in the “old Moorish section” of Nazi-occupied French Morocco and ask him for his “papers.” The subject is taken away at once after failing to produce the required documents. The cinematic exchange has been used ever since as a popular reference to the ever-encroaching hand of the state, which is now on the verge of attaining a level of control over people’s movements that puts the crude Nazi methods to shame.

A British cybersecurity company, in partnership with several tech firms, is rolling out the COVI-PASS in 15 countries across the world; a “digital health passport” that will contain your COVID-19 test history and other “relevant health information.” According to the company website, the passport’s objective is “to safely return to work” and resume “social interactions” by providing authorities with “up-to-date and authenticated health information.”

These objectives mirror those that Bill Gates has been promoting since the start of the COVID-19 lockdown. In an essay written by Gates in April, the software geek-cum-philanthropist lays out his support for the draconian measures taken in response to the virus and, like an old-timey mob boss, suggests the solutions to this deliberately imposed problem. Ironically, Gates begins to make his case for the adoption of mass tracking and surveillance technology in the U.S. by saying that “For now, the United States can follow Germany’s example”; He then touts the advantages of the “voluntary adoption of digital tools” so we can “remember where [we] have been” and can “choose to share it with whoever comes to interview you about your contacts.”

COVI-Pass APP

Gates goes on to predict that the ability to attend public events in the near future will depend on the discovery of an effective treatment. But he remains pessimistic that any such cure will be good enough in the short term to make people “feel safe to go out again.” These warnings by the multi-billionaire dovetail perfectly with the stated purposes of the aforementioned COVI-PASS, whose development is also being carried out in partnership with Redstrike Group – a sports marketing consultancy firm that is working with England’s Premier League and their Project Restart to parse ticket sales and only make them available to people who have tested negative for the virus.

VST Enterprises goes viral

VST Enterprises Ltd (VSTE) is led by 31-year-old entrepreneur, Louis-James Davis, who very recently stepped down from a “science & technology ambassadorship” in the African nation of Zimbabwe to focus on the company’s role in the UN’s SDG (Sustainable Development Goals) Collaboratory initiative, comprising a series of “cyber technology projects across all 193 member states of the United Nations.”

These will use the same proprietary VCode and VPlatform technologies underpinning the COVI-PASS that will reportedly tackle issues such as illegal mining and counterfeiting. This “third generation” barcode technology overcomes the limitations of older “second generation” versions like QR-codes, according to Davis. “Data and sensitive information scanned or stored in either a QR code and barcode can be hacked and are inherently insecure,” Davis claims, “leaving data and personal details to be compromised.” These, and other flaws of the prevailing “proximity apps” were exploited by VST Enterprises to position itself to land large government and private sector contracts.

http://content.jwplatform.com/players/DlQ2Gzqn-YuKiCfZc.html

By all measures, the strategy has proven wildly successful and VST now enjoys strong favor in the highest circles of the UK government as evidenced by the ringing endorsement of former Prime Minister Theresa May, prominently displayed on the COVI-PASS website. More practically, VST now has a direct partnership with the UK government and has secured contracts to deploy its technology in 15 countries, including Italy, Portugal, France, India, the US, Canada, Sweden, Spain, South Africa, Mexico, United Arab Emirates and the Netherlands.

In May, VST signed a deal with international digital health technology firm and owner of COVI-PASS, Circle Pass Enterprises (CPE) to integrate VST’s VCode into the biometric RFID-enabled “passports” which can be accessed via mobile phone or a key fob will flash colored lights to denote if an individual has tested negative, positive or is to be denied entry to public locations. Awarded the ‘Seal of Excellence’ by the EU, VCode® technology will ensure that all of our most sensitive personal and health information can be accessed by authorities at a distance, dispensing with messy and potentially dangerous face-to-face encounters with police or other enforcement personnel.

Infusing the narrative

So far, the concerns over the digital health passport’s threat to freedom and privacy have been lukewarm at best and it seems as if the world has already accepted that full-fledged population control methods such as these will simply be a fact of life. While the coronavirus pandemic has certainly done much to bring the public over to this way of thinking, the campaign to normalize this sort of Orwellian power-grab has been ongoing for many years and Bill Gates – who many media outlets have whitewashed out of stories related to these measures – has been at the forefront of its promotion.

The Innovation for Uptake, Scale and Equity in Immunisation (INFUSE) project was launched in Davos, Switzerland in 2016. The program was developed by an organization funded by the Bill & Melinda Gates Foundation called GAVI (The Vaccine Alliance), which has been calling for a digital health ID for children along with partners in the broader ID2020 initiative like the Rockefeller Foundation and Microsoft.

In a recent interview, the deputy director of the Bill & Melinda Gates Foundation, Hassan Damluji, derided the idea that the COVID-19 pandemic was in any way subsiding and even warned that, far from receding, the pandemic was “deep into wave three.” His remarks were specifically targeted to the very regions he oversees for the foundation, which include the Middle East and parts of Asia, which he stressed would be the focus of the next wave. Damluji was “most recently involved in a five-year fundraising cycle for GAVI,” an effort led by Saudi Arabia, whose investment he praised as a powerful “signal [that] others had an obligation to follow.”

Gates concludes his editorial with a comparison to World War II, stating that said conflict was a “defining moment of our parents’ generation” as the COVID-19 pandemic is to ours, implying that the changes taking place now are akin to the Allied forces’ defeat of the Third Reich. Except, of course, that immunity passports or digital health certificates sound exactly like what Hitler wished for the most. After all, wasn’t the idea of a superior race based on considerations of superior health and vitality over the ostensibly sick and unfit? Hard to argue against the idea that a universal health passport is nothing less than the ultimate fulfillment of that dystopian nightmare.

Study Finds Some Governments Already Using Contact Tracing Apps For Mass Surveillance

John Vibes
June 20th, 2020

For months, privacy experts like Edward Snowden were warning about governments using virus contact tracing phone apps to conduct mass surveillance on citizen populations. As most of us know, governments are already spying on domestic citizens, but if they have access to data from the contact tracing apps, it gives them yet another tool that helps to give them a clearer picture of everyone’s day-to-day activities.

The human rights group Amnesty International conducted a study analyzing COVID-19 contact tracing apps and found that applications for at least three countries — Norway, Bahrain, and Kuwait — had dangerous security flaws. The researchers looked at many of the popular contact tracing apps from 11 different countries: Algeria, Bahrain, France, Iceland, Israel, Kuwait, Lebanon, Norway, Qatar, Tunisia, and United Arab Emirates.

The apps that had the worst security flaws directly collected GPS data from users which matched with their identity, while the safer apps relied on anonymized Bluetooth signals.

In one strange case, the contact tracing app called “BeAware Bahrain” was used to recruit contestants for a TV game show. In the show, called Are You At Home? the host used data that the government collected through the app to randomly call individuals to see if they were following all social distancing guidelines. If they were deemed to be good citizens, they were given a financial reward. By downloading the app, users were unknowingly giving their permission to appear on the game show.

Claudio Guarnieri, the head of Amnesty International’s Security Lab, which published the study, said that Norway has agreed to scrap their contact tracing app and replace it with a safer alternative after they were presented with the research.

“Bahrain, Kuwait and Norway have run roughshod over people’s privacy, with highly invasive surveillance tools which go far beyond what is justified in efforts to tackle COVID-19. The Norwegian app was highly invasive and the decision to go back to the drawing board is the right one. We urge the Bahraini and Kuwaiti governments to also immediately halt the use of such intrusive apps in their current form. They are essentially broadcasting the locations of users to a government database in real time – this is unlikely to be necessary and proportionate in the context of a public health response,” Guarnieri said.

Likewise, the government of Bahrain has also promised to make small changes to its app, and is now allowing users to opt-out of participating in the game show, which will still continue to run.

In a statement, government officials in Bahrain said, “The ‘BeAware’ app was designed for the sole purpose of advancing contact-tracing efforts and saving lives. It is an entirely voluntary opt-in app… and all users are informed of its use of GPS software before downloading. The app plays a vital role in supporting Bahrain’s ‘Trace, Test, Treat’ strategy and has helped to keep Bahrain’s Covid-19 death rate at 0.24%. 11,000 individuals have been alerted through the app and prioritized for testing, of which more than 1,500 have tested positive.”

In most cases, if you have one of these apps downloaded on your phone and you come into contact with someone who tested positive for the virus, you will receive a notification or text message letting you know that you have been exposed and the message will instruct you to quarantine in your home for two weeks. If you refuse to comply with the quarantine, the authorities will know, because your cellphone will be set to notify them if you leave a certain perimeter. Leaving home without a phone isn’t an option either, because these apps are also used to gain entry to grocery stores and other businesses.

In an interview with Vice last year, Snowden discussed the potential dangers posed by this technology.

Amid COVID And Riots, New York Aggressively Rolls Out Smart City Tech

Patrick Wood,
June 23rd, 2020

Like a skilled magician who gets you to look at his right hand while the left hand is performing the “trick”, New York state is rolling out 500,000 smart streetlights that hook up to the Internet of Things (IoT).

According to Smart Cities Dive,

Streetlights installed will be on Signify’s Interact City software, which enables local leaders to dim and brighten lights remotely, and centrally monitor outages and planned maintenance in real time. That system can then be upgraded to have sensors with features like environmental monitoring and noise detection. [emphasis added]

In an understatement, the article states “Cities are looking at streetlight upgrades as a way to move their smart city visions forward.” More accurately, it should have laid the blame at the feet of Technocrats within those cities.

Pandemics won’t stop them. Riots, looting and tearing down of historical statues won’t stop them. In fact, those things are helping to drive Smart City build-outs like this. In particular, according to the article,

 …an increasing number of local leaders have expressed interest in using smart streetlights as a way to monitor large gatherings, in a bid to try and prevent the spread of infection.

Source: Technocracy News & Trends

A Quick and Dirty Guide to Cell Phone Surveillance at Protests

Cooper Quintin
JUNE 17, 2020

As uprisings over police brutality and institutionalized racism have swept over the country, many people are facing the full might of law enforcement weaponry and surveillance for the first time. Whenever protesters, cell phones, and police are in the same place, protesters should worry about cell phone surveillance. Often, security practitioners or other protesters respond to that worry with advice about the use of cell-site simulators (also known as a CSS, IMSI catcher, Stingray, Dirtbox, Hailstorm, fake base station, or Crossbow) by local law enforcement. But often this advice is misguided or rooted in a fundamental lack of understanding of what a cell-site simulator is, what it does, and how often they are used.

The bottom line is this: there is very little concrete evidence of cell site simulators being used against protesters in the U.S. The threat of cell site simulators should not stop activists from voicing their dissent or using their phones. On the other hand, given that more than 85 local, state, and federal law enforcement agencies around the country have some type of CSS (some of which are used upwards of  1000 times per year), it’s not unreasonable to include cell site simulators in your security plan if you are going to a protest and take some simple steps to protect yourself.

A CSS is a device that mimics a legitimate cellular tower. Police around the world use this technology primarily to locate a phone (and therefore a person) with a high degree of accuracy, or determine who is at a specific location. There have been reports in the past that advanced CSSs can intercept and record contents and metadata of phone calls and text messages using 2G networks, there are no publicly known ways to listen to text messages and calls on 4G networks however. Cell-site simulators can also disrupt cellular service in a specific area. However, it is very hard to confirm conclusively that a government is using a CSS  because many of the observable signs of CSS use—battery drain, service interruption, or network downgrades— can happen for other reasons, such as a malfunctioning cellular network.

For more details on how cell-site simulators work, read our in-depth white paper “Gotta Catch ‘em All.”

Interception of phone calls and text messages is the most scary potential capability of a CSS, but also perhaps the least likely. Content interception is technically unlikely because, as far as we know based on current security research (that is, research around 2G and LTE/4G networks that does not take into account any security flaws or fixes that might occur in the 5G standard), content interception can only be performed when the target is connected over 2G, rendering it somewhat “noisy” and easy for the user to become aware of content interception also can’t read the contents of encrypted messages such as SignalWhatsapp, Wire, Telegram, or Keybase.

Police using a CSS to intercept content is legally unlikely as well because, in general, state and federal wiretap laws prohibit intercepting communications without a warrant. And if police were to get a wiretap order from the court, they could go directly to the phone companies to monitor phone calls, giving them the advantage of not having to be in the physical proximity of the person and the ability to use the evidence gathered in court.

One advantage law enforcement might get from using a CSS for content interception at a protest is being able to effectively wiretap several people without having to know who they are first. This would be advantageous if police didn’t know who was leading the protest beforehand. This type of mass surveillance without a warrant would be illegal. However, police have been known to use CSS without a warrant for tracking down suspects. So far, there is no evidence of police using this type of surveillance at protests.

Locating a specific mobile device (and its owner) is anecdotally the most common use of cell-site simulators by law enforcement, but conversely it may be the least useful at a protest. Locating a specific person is less useful at a protest because the police can usually already see where everyone is using helicopters and other visual surveillance methods. There are some situations, though, where police might want to follow a protester discreetly using a CSS rather than with an in-person team or a helicopter.

If a CSS were to be used at a protest, the most likely use would be determining who is nearby. A law enforcement agency could theoretically gather the IMSI of everyone at a gathering point and send that to the phone company later for user identification to prove that they were at the protest. There are other ways to accomplish this: law enforcement could ask phone companies for a “tower dump” which is a list of every subscriber who was connected to a specific tower at a specific time. However, this would have the disadvantages of being slower, requiring a warrant, and having a wider radius, potentially gathering the IMSIs of many people who aren’t at the protest.

Denial-of-service or signal jamming are additional capabilities of CSS. In fact, it has been admitted by the FBI that CSS can cause signal disruption for people in the area. Unfortunately, for the same reasons it’s hard to detect CSS use, it’s hard to tell how often they are disrupting service either purposefully or accidentally. What looks like signal jamming could also be towers getting overloaded and dropping connections. When you have many people suddenly gathered in one place, it can overload the network with amounts of traffic it wasn’t designed for.

How to protect yourself from a cell-site simulator

As noted in our Surveillance Self-Defense guide for protesters, the best way to protect yourself from a cell-site simulator is to put your phone in airplane mode, and disable GPS[2], wifi, and Bluetooth, as well as cellular data. (While GPS is “receive only” and does not leak any location information on its own, many apps track GPS location data, which ends up in databases law enforcement can search later.)

We know that some IMSI catchers can also intercept content, however as far as we know none of them can do this without downgrading your cellular connection to 2G. If you are concerned about protecting your device against this attack, the best thing you can do is use encrypted messaging like Signal or Whatsapp, and put your phone in airplane mode if you see it drop down to 2G. (There are plenty of legitimate reasons your phone might downgrade part of your connection to 2G but better safe than sorry.) However an important part of protests can be streaming/recording and immediately uploading videos of police violence against protestors. This is at odds with the advice of keeping your phone off/in airplane mode. It’s up to you to decide what your priorities at protests are, and know that what’s important for you might not be someone else’s priority.

Unfortunately, iOS and Android currently offer no easy ways to force your phone to only use 4G, though this is something the developers could certainly add to their operating systems. If you can turn off 2G on your phone, it is a good precaution to take.

How a cell-site simulator might be detected

Unfortunately, cell site simulators are very difficult to detect. Some of the signs one might interpret as evidence, such as downgrading to 2G or losing your connection to the cell network, are also common signs of an overloaded cell network. There are some apps that claim to be able to detect IMSI catchers, but most of them are either based on outdated information or have so many false positives that they are rendered useless.

One potential way to detect cell-site simulators is to use a software-defined radio to map all of the cellular antennas in your area and then look for antennas that show up and then disappear, move around, show up in two or more places, or are especially powerful. There are several projects that attempt to do this such as “Seaglass” and  “SITCH” for 2G antennas, and EFF’s own “Crocodile Hunter” for 4G antennas.

While it is possible that cell-site simulators are being or have been used at protests, that shouldn’t stop people from voicing their dissent. With a few easy precautions by protesters, the worst abuses of these tools can be mitigated. Nevertheless, we call on lawmakers and people at all levels of the cellular communications industry to take these issues seriously and work toward ending CSS use.

Source: EFF.org

Cooper is a security researcher and Senior Staff Technologist at EFF. He has worked on projects such as Privacy BadgerCanary Watch, and analysis of state sponsored malware. He has also performed security trainings for activists, non profit workers and ordinary folks around the world. He previously worked building websites for non-profits, such as Greenpeace, Adbusters, and the Chelsea Manning Support Network. He also was a co-founder of the Hackbloc hacktivist collective. In his spare time he enjoys playing music and participating in street protests.