Feeds

The surveillance arms race

Just what is excessive?

Top three mobile application threats

Computers, Freedom, and Privacy Surveillance breeds more surveillance. That seems to be the primary message from the first day of this year's Computers, Freedom, and Privacy conference, held this week in Montreal.

The theme of the conference is "autonomy", one of those vanishing luxuries.

Lawyer Eugene Oscapella uses the war on drugs as an example. This effort provides the justification for all sorts of surveillance, from surprise school sweeps covering kids all the way down to kindergarten, to sending sniffer dogs through hotel rooms (besides airports, bus stations, and ferries), to dawn raids by police in full body armour and carrying machine guns. And the official explanation given after a failed bust? Policing is not an exact science.

Is flying over a house with a forward looking Infra-Red camera, as in the case of R v Tessling, invasive?

Since 2001, however, the war on drugs has been fuelling the War on Terror via the claim that terrorists are funded by the drug trade - and also by getting people used to being watched and searched. "The normalisation of extraordinary powers."

Some of that watching is being done by your own devices, as Simson Garfinkel explained in a discussion of computer forensics. Mobile phones are not standardised, so there is tension between law enforcement agencies, which want everything to be easy to read, and mobile phone companies, which may regard the inner workings of their designs as proprietary information. One English company has, however, come up with a scheme for reading mobile phone data directly from the SIM, bypassing the inconveniences of incompatible plugs and operating systems entirely.

Forensics breeds anti-forensics, so tools keep being developed to evade detection, disrupt the collection of information, and waste the examiner's time. For more, see the forensics wiki.

One interesting sideline: Garfinkel debunked the widespread belief that it's impossible to erase data from a hard drive in a single pass. On modern hard drives, he said, there's no evidence that you can't, and the National Institute of Standards (NIST) said in 2006 that a single pass is sufficient. But people just don't believe it.

Just as people also don't believe that the apparently contentless, impersonal information about who they contact and when is often actually more valuable to law enforcement than the content everyone tries so hard to protect. Using traffic data (such as the location data from mobile phones, or the pattern of calls or email correspondence) George Danezis figured that you could infer status, relationships, and much else. Computational sociology suggests that surveilling around six per cent of nodes can - if you pick the right six per cent - give you information about nearly 100 per cent of the entire network. Selection is the key, and traffic data makes it possible to pick that correct six per cent.

This is, of course, not how law enforcement has been working in the UK or elsewhere. Instead, they tend to take the Humphrey Appleby view that they must know everything, and so we get laws requiring data retention. If it doesn't work, we'd better do more of it. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.