Saturday, March 27, 2010

USE IT OR LOSE IT: Your 6th sense and your buying power

Unreasonable search and siezure and a free market solution

BTC OpEd - I started to notice I had a "sixth-sense" while attending a Bob Wier concert in Southern California in '06. I "felt" someone looking at me. Sure enough, I turned sharply and someone was looking dead at me. There are countless instances of persons having similar experiences that have been documented and studied.

As I have reported in the past, many believe this to be an evolutionary response to evaluating if the "watcher" is actually a predator. Animals demonstrate the perception of being watched by returning a glance or running away from unwanted attention. If your extra sensory survival antennae are working, your eyes may be drawn sharply to surveillance cameras in common areas, like shopping markets or banks.

Today, I was in the ice cream section in my local supermarket looking at ice cream bars. Instinctively my eyes snapped sharply to the surveillance orb immediately overhead. I had just been to the new bank where there were cameras mounted at every angle of interaction. My head began to pound and I became really irritable. Why can't I do things I need to do without a surveillance hawk following me wherever I go? This isn't even government sponsored surveillance. This is "I gotta get out and do what I need to do in life,"surveillance by a corporation.

What's irritating about this interaction is that you don't know who is watching you, why they are focused on you or what they "want". After a while you really don't care what their excuse is. You want to be left alone. I'm not asking permission as a grown woman to be left alone while I look at varieties of frozen goods. However, it seems to be verboten somehow for someone to approach these surveillance goons to break their voyeuristic tendencies. If you ask who is watching, how to contact them or who the security contractor is you will probably be blown off by the lowly shift manager, whose familiar bureaucratic response is "that's above my pay grade".

I made a free market decision today. I decided to do my best to stop shopping at places which never asked me if they had permission to film my personal images. I have made other decisions like this. I don't buy products made from animal testing. I boycott big oil petroleum by using car share alternatives and public transport. I buy food by and large that has no GMOs and is organically grown.

I made an observation as well. Independent health food grocers have moderate camera surveillance and I feel better about shopping in these places. People want to trust the businesses in their communities. If locals can't go about their business without a surveillance camera looking into their shopping carts or sending a RFID tag home to follow them like a digital cookie, it's a betrayal for giving them your business and your trust.

When you're off the job, you shouldn't have to put up with the corporate surveillance put there by a control freak boss. Everyone has decisions to make. While you may make certain compromises, you'll continually be asked to make more when it comes to your privacy.

I challenge you to write down how many times today, just going about your day-to-day, individual surveillance was required for you to do anything you need to do. You can always choose to put your market dollar in places which put the dignity of your common privacy first. You can start by asking businesses to be "surveillance moderate".

You and your community set those standards. You decide how much is too much surveillance.

Bad Things Happen When Politicians Think They Understand Technology

c/o TechDirt , Mike Masnick

With health care reform out of the way, lots of politicians are pushing out new legislative ideas, hoping that Congress can now focus on other issues -- so we're seeing lots of bad legislation proposed. Let's do a two for one post, highlighting two questionable bills that many of you have been submitting. The first, proposed by Senators Schumer and Graham, is technically about immigration reform, which is needed, but what's scary is that the plan includes yet another plan for a national ID card. Didn't we just go through this with Real ID, which was rejected by the states? Jim Harper, who follows this particular issue more than just about anyone, has an excellent breakdown of the proposal, questioning what good a national ID does, while also pointing to the potential harm of such a plan.

Then we have the
big cybercrime bill put forth by.. Senators Rockefeller and Snowe (updated, since there are two separate cybersecurity bills, and its the Rockefeller/Snowe one that has people scared), that tries to deal with the "serious threat of cybercrime." But, of course, it already has tech companies worried about the unintended consequences, especially when it requires complying with gov't-issued security practices that likely won't keep up with what's actually needed:
"Despite all [the] best efforts, we do have concerns regarding whether government can rapidly recognize best practices without defaulting to a one-size-fits all approach," they wrote.

"The NIST-based requirements framework in the bill, coupled with government procurement requirements, if not clarified, could have the unintended effect of hindering the development and use of cutting-edge technologies, products, and services, even for those that would protect our critical information infrastructure."

They added the bill might impose a bureaucratic employee-certification program on companies or give the president the authority to mandate security practices.


This is one of those bills that sounds good for the headlines (cybercrime is bad, we need to stop it), but has the opposite effect in reality: setting up needless "standards" that actually prevent good security practices. It's bills like both of these that remind us that technologically illiterate politicians making technology policy will do funky things, assuming that technology works with some sort of magic.

New RFID Tag could mean the end of bar codes

And for those who would rather not have their food broadcast radio waves after getting it home, fear not. Tour says the signals can be blocked by wrapping groceries in aluminum foil. [BTC-Or just don't buy from grocers who endorse corporate surveillance technology.]
c/o Wired.com

Lines at the grocery store might become as obsolete as milkmen, if a new tag that seeks to replace bar codes becomes commonplace.

Researchers from Sunchon National University in Suncheon, South Korea, and Rice University in Houston have built a radio frequency identification tag that can be printed directly onto cereal boxes and potato chip bags. The tag uses ink laced with carbon nanotubes to print electronics on paper or plastic that could instantly transmit information about a cart full of groceries.

“You could run your cart by a detector and it tells you instantly what’s in the cart,” says James M. Tour of Rice University, whose research group invented the ink. “No more lines, you just walk out with your stuff.”

RFID tags are already used widely in passports, library books and gadgets that let cars fly through tollbooths without cash. But those tags are made from silicon, which is more expensive than paper and has to be stuck onto the product as a second step.

“It’s potentially much cheaper, printing it as part of the package,” Tour says.

The new tag, reported in the March issue of IEEE Transactions on Electron Devices, costs about three cents to print, compared to about 50 cents for each silicon-based tag. The team hopes to eventually bring that cost below one cent per tag to make the devices commercially competitive. It can store one bit of information — essentially a 1 or a 0 — in an area about the size of a business card.

That’s not much compared to computer chips, but Tour says this tag is just a “proof of concept.” Study coauthor Gyoujin Cho of Sunchon National University, along with a team from the Printed Electronics Research Center of the Paru Corporation in Suncheon, Korea, are working to pack more transistors into a smaller area to ultimately squeeze 96 bits onto a 3-square-centimeter tag. That would be enough to give a unique identification code to each item in a supermarket, along with information like how long the item has been on the shelf, Tour says.

The tags were made possible by the creation of semiconducting ink, which contains carbon nanotubes that will hold an electrical charge. A transistor needs to be completely semiconducting to hold information, Tour says. If there are any bits of conducting metal — which moves electric charges around easily — mixed in, the information-holding charge will leak out quickly.

The mixture of nanotubes created in Tour’s lab includes both semiconducting nanotubes and conducting nanotubes. Separating out the conducting nanotubes is “a horrid experience,” Tour says. “They’re very painful to separate.” So instead, the team devised a way to coat the conducting nanotubes in a polymer to protect the electric charge and allow the ink to be purely semiconducting.

Once they had the ink, Cho and his colleagues built roll printers to transfer ink to the final material. The tags are printed in three layers, and one of the remaining hurdles to making the tags store more memory in less space is to improve the alignment of those layers, Cho says.

“The work is impressive,” comments Thomas N. Jackson of Penn State University in University Park, who is also developing flexible electronics. He thinks it will be difficult to compete with silicon, which is well established in the realm of consumer products packaging. But similar technology could be used to do things silicon can’t do, he says, such as make smart bandages that can sense infections or freshness-sensing food packaging.

And for those who would rather not have their food broadcast radio waves after getting it home, fear not. Tour says the signals can be blocked by wrapping groceries in aluminum foil.

Read More http://www.wired.com/wiredscience/2010/03/rfid/#ixzz0jOwqhrL8

Thursday, March 25, 2010

Waking Up Orwell program pre-empted by aggressive online hack

BlogTalkRadio broadcasts repeatedly compromised, suffered from repeated DeLays
"This was by far, the most obvious outside attempt to maliciously pre-empt us in the program's history. Based on where our program was rerouted it appears politically motivated by those entertained by neo-conservative talk." - WakingUpOrwell
3/29/10 -11:00 PM PST - We've just discovered the copy of our lost program. The show sounds a lot like a recording of someone running on foot during the Blair Witch Project while reading news. It looks like the information available on BlogTalkRadio is consistent with what happened Thursday. We are still not going back... give today so we can keep the show alive.

BTC - Waking Up Orwell, BeatTheChip.org's regular weekly radio news magazine, has been compromised for the 3rd time in its history of airing on BlogTalkRadio. The show was interrupted by an aggressive hack.

The hack preempted the airing of an interview with the Electronic Frontier Foundation's FOIA counsel, Lee Tien who explained their findings about FBI intrusions on social networks like Facebook and BlogTalkRadio.com. The hack consisted of successive browser crashing to interrupt media uploads, account episode deletions and disparity between the front end display of the episode and oustide interference with the host's back end capability to view, acknowledge or operate the engineering ports of a rescheduled episode.

"We sincerely apologize to regular listeners who expected to hear the scheduled programming. Unfortunately, we cannot reconcile the repeated attempts to hack our accounts with BlogTalkRadio.com and are actively seeking a new radio home for our weekly program. I did all I could do today to air the program," says Sheila Dean, host, producer and engineer for the dystopian news program.

What audience members witnessed at airtime was a non-aired episode scheduled late at 11AM CST featuring the EFF speaker. What the host-engineer saw was a prompt saying, "There are no shows that can be scheduled 3/25/10". Dean published her technical difficulties using Twitter until the 11 AM CST airtime. She dialed into the BlogTalkRadio host mainframe using the caller code and later spoke for over 30 minutes. The broadcast was never heard. Operating browsers from her MacNotebook crashed repeatedly, interfering uploads of the pre-recorded media and back end access to host tools were rerouted to another webpage.

Dean first noticed problems with excessively slow access to her account. She restarted her computer and logged back into her user account. She then discovered her scheduled episode was deleted. BlogTalkRadio, in a reply to service the account said that only a person with access to the account could have deleted the program and that "it could not be done from our end." The episode was submitted to BlogTalkRadio's PR department for promotion earlier in the week.

In an EFFort to continue to air the radio program another episode was immediately scheduled to air at 11AM CST. Soon to follow Dean experienced interruptions and disparities consisting of successive browser crashes minutes before airtime after logging into her account. Dean mitigated this by switching to another PC right before airtime. She then logged into BlogTalkRadio.com's online account to produce Waking Up Orwell as scheduled. The Internet Explorer browser then repeatedly rerouted Dean to another newscast featuring Tom DeLay on BlogTalkRadio.com and refusing her user access to her account.

"This was by far, the most obvious outside attempt to maliciously pre-empt us in the program's history. Based on where our program was rerouted it appears politically motivated by those entertained by neo-conservative talk," said Dean, producer of WakingUpOrwell.

WakingUpOrwell, often features controversial news specific to privacy and promotes involvement of citizens in affairs which directly affect American civil liberty. Dean's broadcasts feature staunch criticisms of current government policies governing citizens rights and national security. While she was dissappointed in her inability to air the program, she is optimistic about funding for a new online and terrestrial home for her popularizing program.

BlogTalkRadio.com's technical staff claim no culpability in the hacking attempts from their end.

Wednesday, March 24, 2010

EU passports not that safe, says expert

EU passport security has been placed under the microscope

c/o euobserver.com , *special thanks to EFF


EUOBSERVER / BRUSSELS - The biometric, or "e-passport," was supposed to offer a previously unrivalled level of security and protection against forgery. It was "fool-proof," some said, even "impossible" to counterfeit.

In the years that followed the attacks on New York and Washington, the European Union, as with many international powers, was eager to embrace the technology. In 2004, the European Commission proposed technical specifications for a harmonised e-passport system, first requiring digital facial image as as a mandatory biometric identifier for passports and later requiring fingerprint data.


Airport: EU passport security has been placed under the microscope (Photo: dacba10)

But in the wake of the Dubai targetted killing of a Hamas commander, in which a team of some 27 assassins used fake EU and Australian passports in the course of their cloak and dagger escapade, the security of the passport has been placed under the microscope.

Beyond the Dubai murder, Europol has warned that despite the biometric changes to passports, counterfeiting still remains a major problem for criminals or others "who are determined to do so," with the provision of documents for irregular immigrants being the main driver of the activity.

In 2008, the latest year for which data is available, some 16.7 million passports were on an Interpol database of stolen or disappeared passports.

Magnus Svenningson, the CEO of Speed Identity, the company that provides the biometric data capture platform to the Swedish, Luxembourg and Lithuanian governments, in an interview with EUobserver reveals how passports can be forged.

"The EU passport is a very, very secure document. EU countries have invested a lot in the document. It's extremely expensive and difficult to forge, although not impossible," he said.

What makes it so hard is one would have to clone the certified chip of the issuing government: "This requires machine-supported verification of the documents."

Famously, in August 2008, after 3,000 blank UK passports were stolen and British authorities said that without the chip, the documents would have been useless, the Times newspaper hired a computer researcher to successfully clone the chips on two British passports. Passport reader software used by the UN authority that establishes biometric passport standards believed the chips to be genuine.

This is designed to be countered by checking the chip at a border crossing against an international database of key codes, the Public Key Infrastructure, but only a minority of countries have signed up. So a would be counterfeiter should choose a state that does not share these codes.

The level of counterfeiting difficulty varies from country to country, said Mr Svenningson: "In some countries, it's very easy, others not so easy, but every country has their own loopholes."

Loopholes

First of all, the inclusion of the biometric identifiers is binding only for those countries in the Schengen area, of which the UK and Ireland have opted out and which Cyprus, Bulgaria and Romania have yet to join. These specifications are also binding on European Economic Area countries Norway, Iceland, Liechtenstein and Switzerland.

According to the EU regulation, countries were to have included both facial imagery and fingerprints in their systems by July last year. The British e-passport meanwhile only uses a digital image and not fingerprinting, although this is currently under consideration by authorities.

UK foreign minister David Miliband said that the Dubai passports taken from British citizens were in any case not biometric, which makes the forgery process that much easier. But Mr Svenningson said that one of the easiest methods is to acquire a duplicate passport - "a real fake passport" - rather than to forge one.

"The problem is enrollment and lies with the breeder documents. These are the documents that make you a for example a British or German citizen," such as a birth certificate or naturalisation papers. "These documents plus the biographic data and the biometric data are then unified and stored in a passport tied together, forming a proof of identity."

According to Mr Svenningson, you should choose a victim that roughly matches your appearance, and then photoshop an image of yourself so that it appears closer to what the original person looks like, something in between you and the other person.

This process is aided by "the transfer of a paper photo to a digital one, which involves a huge loss of quality, resulting in a photo that makes it very easy for others to use."

"When all this is done, you apply for renewal of your victim's passport and file a new application with your tailored picture. Then you wait at his or her mailbox of until the new passport arrives by mail and snatch that particular letter." He added that a postbox that is separate from the apartment or house is best.

This method is the most common, he said. The advent of biometric passports has had an effect: "There has been a big shift in the last five years from counterfeiting to applying for a real one," because of the additional hurdles set up by biometry.

Fingerprints can be fooled

But those countries that require fingerprints included on the chip can still be fooled.

"Fingerprints are possible to fake for a low cost. The easiest way is to obtain a print from something someone has touched, a glass or a mobile phone."

From this you can extract a picture of the ridges that you see on your fingertip. This picture can be moulded onto a piece of plastic, which can then be subtly placed on the fingertip during enrollment or verification of the data to make you appear like someone else.

Even retina scans are not impossible to fake.

"This is difficult. The process involves taking a picture of the retina with infrared light at very close distance. But it is still not impossible. You could hold some kind of eye-like object with a picture of the retina in front of the camera. Of course if the process is supervised, it then becomes quite difficult."

But he says that this supervision, making sure that the photo, fingerprints and other biometric data are captured at the same moment that you apply for a passport: "So that all the data is tied together and impossible for the applicant to alter."

"It's very important to have the whole enrollment process take place in one sequence via an officially supervised process. Any time you break up this sequence, you introduce a window for individuals to undermine the security of the passport."

Of course, Mr Svenningson's business model is precisely that - all-in-one biometric data capture - so he has an interest in suggesting its importance. He jokes that photography shops, who do not sell as many rolls of film any more and for whom the €8 set of four passport photos is an increasingly substantial part of their business, do not particularly like the idea.

But it will still take many years before even the current generation of e-passports is widely adopted.

Five to 10 year window

"When it comes to non-biometric passports, there is an even weaker tie between the document and its holder, and while biometric passports are common now, the large bulk of EU passports in circulation are non-biometric because they aren't out of date yet, and won't be for a number of years. It will take at least another five to 10 years for all EU passports to be biometric."

Still, nothing will be able to stop those who have the time and money to invest in counterfeiting, he said: "The intelligence services have the expenses and the capacity to do this."

Last week, the Australian Broadcasting Corporation interviewed Victor Ostrovsky, a case officer at the Mossad in the 1980s, who said that the Israeli spy agency had its own "passport factory," a company established within the Mossad headquarters.

"They create various types of papers, every kind of ink. It's a very, very expensive research department," he said.

© 2010 EUobserver.com. All rights reserved. Printed on 25.03.2010.

Tuesday, March 23, 2010

Mozambique: Biometric Passports Rejected


Maputo — The Mozambican immigration authorities have rejected the first biometric passports produced by the Belgian company, Semlex, reports Monday's issue of the Maputo daily "Noticias".

The initial forecast was that biometric passports could be issued as from Monday to Mozambican citizens - but the quality of the first passports produced by Semlex was so poor that the government has demanded improvements.

The deputy national director of immigration, Leonardo Boby, told "Noticias" that the passports produced by Semlex contained serious defects which had to be corrected before they could go into mass production.

There were spelling mistakes, Boby said, and the model used by Semlex did not provide enough space to write the names of Mozambican passport holders. Semlex had not bothered to familiarize itself with Mozambican names, and seemed not to realize that many citizens have names containing four or more words.

To take just the most well-known example, the full name of the leader of the Mozambican opposition is "Afonso Marcacho Marceta Dhlakama" - which is too long to fit in the space allocated by Semlex. According to Boby just three words will fit in the space.


In some cases, the names would run onto the space provided for the passport photograph, which is not acceptable.

On a passport, no name should be abbreviated, and so Semlex has been told to redesign the passport so that even citizens who use six or seven words in their names can fit them all in.

Boby added that the Semlex passports contained insufficient security features, and the company had bungled the images of Mozambican wildlife used.


TSA X-Ray machines amid local & national legislative debates

BTC - Digital privacy advocates testified during a House Homeland Security Committee hearing about the use of backscatter X-ray machines for security screening at airports. The Electronic Privacy Information Center or EPIC asked DHS to suspend the use of the Backscatter X-ray machines in airports to ensure the machines do not violate international child protection laws and public privacy.

Since the beginning of the year 11 machines were distributed to airports to increase bodily surveillance. The increased demand for X-Ray surveillance at TSA checkpoints came at the request of DHS following a failed terrorist attempt to bomb an inbound flight to Detroit over Christmas.

The proliferation of these machines outraged privacy advocates, child protection groups and citizens concerned about how images of their bared bodies would be handled by the TSA at local airports. State and federal legislative responses followed quickly.

Last week, Idaho State passed a law limiting the use of the machines to those those who have failed other screening procedures, like metal scanners or pat downs.

In other related news:

There's an "Always on Surveillance Society"?!

"We would require all U.S. citzens and legal immigrants who want jobs to obtain a high-tech, fraud proof Social Security card. Each card's unique biometric identifier would be stored only on the card; no government database would house everyone's information." - Senators Lindsey Graham and Chuck Schumer

BTC- I hope someone will tell these Senators there was already a billion dollar effort to create a national to international FBI database
to house the most comprehensive biometric catalogue in the United States. It is 2 football fields long and the public is not allowed to know where it is. How's that for "transparency"? It's been around since 2007.



Unfortunately, the term "transparency" is being twisted around against the American people not to mean "government accountability" but somehow to mean a super institutionalized state. In this type of state the only rights of the nation are the institutional rights and permissions granted by that state. Everyone is exactly equal: prisoners, immigrants, workers and government workers. This is the piece where the biometric worker ID card fits.
[Was this your idea of freedom, America?]
It's part of the Always On Surveillance Society and it might make you wonder if the 2010 Census is just a dog and pony show. It's globalized policy; which makes it more important than ever that you guard your private information and do everything you can to jamm up any assumptive networks using your 4th Amendment.



Unfortunately, fascism is commonly defined as Statist power as corporations rule the government, which legislates only for them and seeks only their interests.





Monday, March 22, 2010

Biometrics, privacy & technical competency in ID cards

"How quickly will this database go from being strictly to prove employment eligibility to being used by police departments to gather fingerprints while circumventing the warrant process and Fourth Amendment rights of search and seizure?" - Michelle Ngo, EPIC


BTC - The AV quality on this video is semi-intelligible and uber techy. However, it does exhaustively convey how biometric breaches happen if and when they happen.

The policy on the prolific use of biometrics for worker identity is further covered by expert Michelle Ngo for Privacy Lives!

Where to begin? First, the senators say, “Each card’s unique biometric identifier would be stored only on the card; no government database would house everyone’s information.” But that seems unlikely. What if someone hacked a real card and added their biometric data (fingerprints, eye scans, whatever is chosen by the government) to the card? Their fingerprints would match the fingerprints on the card, so they would be “identified” as the name on the card. There would likely need to be a database to check for accurate credentials.

Altering a biometric digitally by breaking into the system is just one security problem with biometric identification. Individuals could use false identification at enrollment or a biometric could be altered physically.

The senators state that they need “a tamper-proof ID system” to fix the immigration problem. But there is no tamper-proof ID system. You can strengthen ID systems, but they’ll still be forged by people with means and motive. Former Homeland Security Secretary Michael Chertoff said that the fact that REAL ID and other strengthened identification cards can be forged is a security problem:

I certainly have seen intelligence that tells me that sophisticated criminals and sophisticated terrorists spend a great deal of time learning to fabricate and forge even these improved cards. The net effect of this may be that it’s going to be harder for people on campus here to get a drink when they’re under 21, but unfortunately it’s not going to be that much harder for the most sophisticated dangerous people to counterfeit an identity card.

What the senators would be creating is a trusted card that could and would be forged by sophisticated criminals. Even if you allow the senators’ contentions: the tamper-proof card would have the biometric credential only on the card so there would be no national database, we must then look at the cost of this system. There would need to be computer systems set up for the new high-tech cards, strong encryption, special paper, special readers to 7.4 million employers in the United States, training for employers and employees, and other costs, as well. This would cost billions, perhaps trillions.

And how quickly would this employment verification card be expanded to many more uses beyond employment verification? It is to be “a high-tech, fraud-proof Social Security card,” and Social Security data is used for numerous uses today. Your Social Security number is used to open a bank account, credit account or even cellphone account. How soon before these entities say, “I need you to prove your identity by scanning your high-tech biometric Social Security card”?

How quickly will this database go from being strictly to prove employment eligibility to being used by police departments to gather fingerprints while circumventing the warrant process and Fourth Amendment rights of search and seizure? Who else could have access to your fingerprint and iris scans? The United States already has discussed sharing fingerprint and other biometric data of suspects with European countries. It’s a small step to opening up a national employee biometrics database to other countries.

Besides the security problem, there is also a substantial problem for U.S. citizens and others who may legally work in the United States. During the REAL ID national identification card debate, critics of the REAL ID program noted there is the false positive problem. U.S. workers were having problems with an employment eligibility verification system using Social Security and Homeland Security error-filled databases.Several federal (pdf) government evaluations (pdf) noted problems with database checks that lead to initial rejections for individuals who are legally eligible to work in the US, causing significant problems for eligible workers and their employers, who have done nothing wrong.

I must reiterate: This biometric identification system, where you must prove to the government that you are eligible to work, is proposed for all U.S. employees, not just immigrants. It is a terrible proposal that will not solve the immigration problem, but instead create substantial employment problems for U.S. citizens at a time when many need help to find employment, not more barriers against it.

TELL CONGRESS WHAT YOU THINK

http://www.opednews.com/articles/Can-you-prove-you-re-not-a-by-Jim-Babka-100315-218.html