Your data is for sale

 — and not just on Facebook

Nobody is gathering more information more quickly than the providers of digital services. But do you trust them?

Your data is for sale — and not just on Facebook
(Credit: Chookiat K via Shutterstock/Salon)

This is how the tech P.R. wars of the future will be waged: “Trust us, because we will take care of your precious information better than the other guy.”

On Aug. 21, Square, the mobile-payments start-up helmed by Twitter co-founder Jack Dorsey, announced the release of a new package of analytical tools available for free to any merchant that uses Square.

Small businesses, argued the press release, tend not to have the same access to advanced data crunching as larger operations. Square Analytics “levels the playing field” and “delivers sellers actionable data to increase sales and better serve their customers.” Want to know exactly how much a bad snow storm affected your cupcake sales, or what kind of advanced coffee products your repeat customers crave the most on Tuesday mornings? Square Analytics has the answers!

A few hours after Square’s announcement, I received an email from a man who handles press relations for Shopkeep, a company that offers point-of-sale processing via the iPad, and has apparently been touting its own small business analytics support for years. Judging by the accusations made in the email, Shopkeep was none too pleased by the debut of Square’s new service.

“Square is more interested in collecting and selling data than it is in helping small businesses grow,” read the email. My correspondent further alleged that Square’s “terms and conditions” gave Square the right to do anything it wanted with the data it collected on retail transactions.

Picture this: I order coffee at a coffee shop that uses Square … Square, not the cafe, seizes the data on that transaction and emails me a receipt. The company can sell that data to the highest bidder — another coffee shop up the street or the closest Starbucks. Then I could get an email from that other coffee shop, not the one I’m a regular at, offering me a discount or some other incentive to come in.

Shopkeep, in contrast, would never do such a dastardly thing.

I contacted Square and asked spokesperson Aaron Zamost if the coffee shop scenario was realistic. Unsurprisingly, he dismissed it out of hand. “No, we do not intend to do this,” said Zamost. “We do not surface, nor do we have any plans to surface individualized transaction data to any sellers besides the one who made the sale. Our sellers trust us to be transparent with them and respectful of what they share with us. If we were to violate their trust, or behave as other companies have been known to, they would leave us.”



I have no evidence to prove or disprove the allegations made by Shopkeep or the defense offered by Square. The  interesting point is that the nature of the accusation is an attempt to poke at what is clearly a sore spot in Silicon Valley in 2014. In these post-Snowden days, how tech companies handle data is a volatile issue. In fact, it might be the biggest issue of them all. Because Shopkeep and Square are hardly alone in their ability to amass valuable information. Every company that offers a service over your mobile device — whether processing a sale, hiring a car, locating a room to stay in — is in the data business. Everyone is a data broker. As Silicon Valley likes to say, in the 21st century data is the new oil. What rarely gets mentioned afterward, however, is the fact that the oil business, especially when it was just getting started, was very, very dirty.

* * *

Square has a cool product: A plastic card reader that plugs into the headphone jack of your phone and enables anyone with a bank account to start processing credit card transactions. Although Square has yet to turn a profit, and has weathered some bad press in recent months, the company does process $30 billion worth of transactions a year. That’s a lot of information available to crunch.

Of course, there are plenty of companies, starting with the credit card firms themselves, that are already slicing and dicing payment transaction info and offering analysis to whomever can pay for it. Square is just one more player in a very crowded field. But Square is nevertheless emblematic of an important trend — let’s call it the disruptive democratization of data brokering. Once upon a time, a handful of obscure, operating-behind-the-scenes firms dominated the data-brokering business. But now that everything’s digital, everyone with a digital business can be a data broker.

In an increasing number of cases it appears that the ostensible service offered by the latest free app isn’t actually what the app-maker plans to make money off; it’s just the lure that brings in the good stuff — the monetizable data. Square may be a payments processing company first, but it is rapidly amassing huge amounts of data, which is in itself a valuable commodity, a point confirmed by  Square executive Gokul Rajaram to Fortune Magazine earlier this year.

Similarly, Uber is ostensibly a car hiring company but is also poised to know more about our transportation habits than just about any other single player. Almost every app on your phone — even the flashlight app — is simultaneously performing a service for you, and gathering data about you.

Increasingly, as the accusations about Square from a competitor demonstrate, we may end up deciding whom we choose for our services based on whether we trust them as responsible safekeepers of our data.

Until this year, most Americans have had only the sketchiest knowledge of how huge the marketplace is for our personal information. In May the FTC released a report that looked at the nine biggest data brokers — companies that specialize in amassing huge dossiers on every living person in the Western world. The numbers are startling.

Data brokers collect and store a vast amount of data on almost every U.S. household and commercial transaction. Of the nine data brokers, one data broker’s database has information on 1.4 billion consumer transactions and over 700 billion aggregated data elements; another data broker’s database covers one trillion dollars in consumer transactions; and yet another data broker adds three billion new records each month to its databases.

The big data brokers build their databases by snarfling up every single source of information they can find or buy. Databases operated by federal, state and local governments are an obvious source, but the big data brokers also routinely scrape social media sites and blogs, and also buy commercial databases from a vast variety of enterprises, as well as from other data brokers.

Today, nobody is gathering more information more quickly than the providers of digital services. Surveillance Valley, indeed! Analytics companies know the constellation of apps on your phone, including your every click and swipe, down to the most granular level.

The rules regarding what can be done with this information are in their infancy. For now, we depend largely on what the companies say in their own terms and conditions. But we would be unwise to regard those as permanently binding legally promises. They can change at any time — something that Facebook has demonstrated repeatedly. What Square says now, in other words, might not be what Square does in the future, especially if the company finds itself in dire need of cash.

When everyone is a data broker, having standardized rules governing what can be done with our information becomes a pressing social priority. Right now it’s just a big mess.

 

Andrew Leonard is a staff writer at Salon. On Twitter, @koxinga21.

 

http://www.salon.com/2014/08/29/its_not_just_facebook_anymore_in_the_future_your_data_is_always_for_sale/?source=newsletter

Companies sell mobile phone spying tools to governments worldwide

http://srgurukul.com/images/Mobile.jpg

By Thomas Gaist
26 August 2014

Cell phone location tracking technologies long used by the US National Security Agency and British GCHQ are increasingly available for purchase by other governments throughout the world, the Washington Post reported Monday.

Cell phone location data tracking systems, which include a range of associated intelligence gathering capabilities, are constantly being developed and marketed by private security contractors. The technology enables governments and private entities to track the movements of cell phone users across national boundaries, in many cases pinpointing users’ precise locations within a few meters.

One surveillance firm, called Defentek, boasts on its web page that its Infiltrator Global Real-Time Tracking System can “locate and track any phone number in the world.” The Infiltrator System is “a strategic solution that infiltrates and is undetected and unknown by the network, carrier, or the target,” the site says.

Analysis of cell phone location tracking software by the watchdog group Privacy International highlighted the role of Verint, a sophisticated Israeli-American private security and intelligence contractor that employs former government agents, including special forces soldiers.

Verint reports on its web page that the company’s systems are used by “more than 10,000 organizations in over 180 countries,” the Washington Post reported.

The spread of such cutting-edge surveillance systems by private security and intelligence firms is taking place with the help of the major telecommunications corporations. Verint states that it has installed location data capture software on cellular networks in numerous countries with the knowledge and cooperation of major telecommunications providers.

A confidential Verint advertising brochure posted online by Privacy International detailed the wide array of surveillance capabilities offered by Verint to clients. According to its advertising material, Verint’s “Solution’s Portfolio” includes “Cellular Interception and Control, Mobile Satellite Interception, Global Cellular Location, and IP Interception and Tampering.” The brochure notes that the company sells “Monitoring Centres that can operate at nationwide levels and has been known to have had installations in Slovakia, Ivory Coast, India and Vietnam.”

For the right price, Verint will also carry out and/or facilitate a number of other intelligence-related operations on behalf of its clients, including:

* Identifying potential targets and building an intelligence picture over cellular networks

* Passively and covertly collecting cellular traffic in an area and analyzing it in real time to identify potential targets

* Identifying suspicious communication patterns using a range of analysis tools, including Location, Speech Recognition, Link Analysis, Text Matching

* Intercepting voice calls and text messages of potential targets

* Identifying, intercepting, decoding, manipulating and analyzing WiFi-enabled devices such as tablets, smartphones, and laptops

Verint also claims that it can break into encrypted communications and remotely activate microphones on cell phones, and the company offers training sessions simulating a range of tactical scenarios with its in-house veteran military and intelligence personnel.

Reports from the summer of 2013 showed that Verint provided systems used by the Mexican government during the administration of President Felipe Calderon to capture and analyze all types of communications in that country beginning in 2007, as part of operations initiated in coordination with the US State Department.

In its report, the Washington Post noted that surveillance agencies and private companies are increasingly deploying “IMSI catchers,” also referred to as StingRays, which enable users to send fake text messages, inject malware into targeted phones, and intercept the content of various forms of cellphone-based communications.

In addition to using StingRays, surveillance agencies can tap directly into cell phone towers to identify movement patterns of nearby telephone users. Location data from cell phone towers, moreover, is regularly transferred in bulk to federal, state, and local security agencies across the US through a procedure known as “tower dumps.”

Revelations from December of 2013 have already shown that the NSA’s CO-TRAVELLER program gathers around 5 billion pieces of cell phone location data worldwide on a daily basis, and has been capable of tracking the location of cellphones, even when switched off, since 2004. Location data gathered by the NSA allows the agency to map the overall movement pattern of targeted individuals, their daily routes and habitual meeting places.

The US uses related technology to orchestrate its drone wars in Afghanistan, Pakistan, Yemen and elsewhere. As part of a program codenamed GILGAMESH, the NSA’s “Geo Cell” program, which sports the motto “We Track ‘Em, You Whack ‘Em,” guides drone strikes against alleged terrorists by tracking the location of SIM cards inside their cellphones.

All of these surveillance and tracking programs are part of the efforts of the US and other imperialist states to compile comprehensive databases on their respective populations in response to growing popular opposition to the growth of social inequality and attacks on democratic rights.

What Facebook doesn’t show you

BLOGGER COMMENT:  Interaction with your FB “friends” is relatively insignificant. So what’s the point of “social media?” Data gathering for corporations. Certainly not socializing…
August 18

When you spend a day with something that knows you in ways you don’t know yourself, you learn that maybe you aren’t quite as interested in the things you think you are.

Here’s what I learned about myself: It seems I don’t much care about my hometown or the people in it, I’m far more interested in feminist blogs than I am in technology or sports, I’m still hung up on New York after moving away last spring, and I’m apparently very interested in the goings on of someone I worked with at Pizza Hut when I was 16.

What was the source of these revelatory, self-image-shifting facts? The same place you probably went when you got to work this morning: Facebook, which we can’t stop feeding, and obsessively tracks our every online movement.

Over the course of five or six hours on July 17, I pored over my News Feed, endlessly scrolling and refreshing until every piece of content that appeared was a repeat. I cataloged each post, totaling 1,417 status updates, photos, links, Likes, event RSVP’s and more, creating an assortment of everything Facebook thinks I care about.

But for all those link shares and wall posts, I still wasn’t sure exactly why I was seeing what I was seeing, or if I was even seeing what I wanted to see. (A Pizza Hut co-worker? Really?) So I went through my whole Facebook network – all of my 403 friends and the 157 Pages I Like – and recorded every single thing they posted on July 17.

Spoiler: My News Feed showed me only a fraction of my network’s total activity, most of what it showed me was old, and what I was shown was often jarringly unexpected.

Facebook says roughly one in seven people on the planet log in at least once a month. And yet, how News Feed works remains bafflingly opaque, like a secret box of technology, algorithms and magic that remains one of tech’s bigger mysteries. An entire consulting industry is built around trying to game it (think SEO for Google), and publishers invest enormous amounts of energy into succeeding on it, but as soon as people start to figure it out Facebook tweaks its secret recipe and everything goes out the window.

What we know is this: The more popular a piece of content posted in your network becomes, the more likely it is to spill into your News Feed; and the friends and Pages you interact most with are the ones you’ll see most frequently, according to Justin Lafferty, editor of InsideFacebook.com.

“Mark Zuckerberg wants News Feed to be like a newspaper,” he said. “The top stories are curated based on relevancy and the user’s connection to that page or friend,” he said, adding that like a printed newspaper or magazine, older stories can still be germane.

But beyond that, not much is known, and the further you dig into what Facebook thinks about you, the more odd things can get.

For example: I lived in Denver until I was 20 and still consider it home. Throughout my day on Facebook, I didn’t see a single story from The Denver Post, despite that Page posting 17 pieces of unique content. The same was true for Westword, a Denver alt-weekly I used to read religiously; a handful of local TV news stations I Like; and high school friends, acquaintances and even people I still consider close friends who live there. Do I not care about my home as much as I thought? Despite letting Facebook track me basically wherever and whenever it wants to, it still doesn’t think I’m interested in Denver or what goes on there?

On the other hand, women-oriented blogs such as Jezebel, Refinery29 and The Cut at times dominated my News Feed, with a whopping 40 posts between them appearing. The Verge, which I thought was among my favorite blogs, barely showed up.

And even as I was doing my experiment, I could see subtle shifts in what appeared, which, in turn, perhaps changes who Facebook thinks I am. Status updates from those same high school friends I hadn’t interacted with in years suddenly started popping up toward the end of the day. The same went for Pages I liked long ago and forgot about, and parties in New York I wasn’t invited to but saw close friends RSVP to.

The day had become an oddly pointed reminder of a past I don’t seem to care about, and a distressing collection of everything I’m missing out on today.

By midnight, after almost six hours of scrolling, refreshing and note-taking throughout the day, I had consumed 1,417 unique events. Posts from July 17 became rare as older posts crept in, and eventually everything I was seeing in my News Feed I had seen before. I had exhausted my well of Facebook content, I thought – a triumph! I had conquered Facebook!

Well, no: I wasn’t even close. After going back to record every single event that happened in my entire network on July 17, I saw that 2,593 pieces of new content had been produced. I saw 738 of them, or about 29%. The other 679 posts that appeared in my News Feed were old news by the time I saw them, sometimes by more than two days.

So that means that after doing everything possible to see all of the activity in my network, I saw less than third of it. Considering the average U.S. user spends around 40 minutes on Facebook per day – or about one-tenth of the time I spent in my News Feed – it’s easy to imagine that percentage dipping far, far below my 29%.

But that might be the point.

Greg Marra, a product manager on News Feed at Facebook, told me that it is fundamentally a reflection of the user and his or her interests.

“News Feed is made by you,” Marra said. “It tries to show the most interesting things possible for you, it’s a very personalized system,” he said, adding, “We try to let users take control.”

Marra said there are countless signals that tell Facebook what to pump into a person’s News Feed, including relationships with other users, the topic of content in a given link, how long a user spends reading a story he or she found though Facebook, if and how many times X user visits Y user’s profile, friends’ activity on a certain post, all of our previous activity and more.

“We learn based on what you’ve done in the past,” Marra said. “And we try to quickly learn about the things that you’re interested in.”

(Remember that Facebook’s learning can sometimes result in disastrous PR.)

So after a full day spent on Facebook, what was I left with? In the end, not much. A heap of work for myself to complete this story; a still-muddled understanding of how News Feed works; and a slightly different view of what I think I care about.

Fittingly enough: The final post I saw on my Endless Day of Facebook was a status update about a flash flood warning that was more than 40 hours old.

It was for Denver.

http://www.washingtonpost.com/news/the-intersect/wp/2014/08/18/what-facebook-doesnt-show-you/?Post+generic=%3Ftid%3Dsm_twitter_washingtonpost

 

Snowden discusses US surveillance and cyber-warfare programs in interview with Wired

http://9buz.com/upload/national_security_agency_the_nsa_the_only_part_of_government_that_actually_listens__2013-06-21.jpg

By Thomas Gaist
15 August 2014

Wired magazine published an extended interview this week with former US intelligence agent and famed whistleblower Edward Snowden. Conducted in a hotel room somewhere in Russia, the interview included fresh revelations related to mass surveillance, cyber-warfare and information-grabbing operations mounted by the US National Security Agency (NSA).

The meat of the interview centered on a number of operations run by the surveillance and intelligence agencies, painting a picture of an American government engaged in ever-expanding cyber-machinations worldwide.

Snowden spoke about the NSA’s MonsterMind program, an “autonomous cyber-warfare platform” which has been developed to launch cyber-attacks automatically against rival governments, without any need for human intervention. He noted that MonsterMind could easily be manipulated to provoke spasms of cyber-warfare between the US and its main rivals.

“These attacks can be spoofed. You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital,” Snowden said.

Far from restricting itself to cyber-defense, Snowden said, the US is constantly engaged in offensive hacking operations against China.

“It’s no secret that we hack China very aggressively,” Snowden said. “But we’ve crossed lines. We’re hacking universities and hospitals and wholly civilian infrastructure rather than actual government targets and military targets.”

Snowden offered new information about the role of the NSA in facilitating US imperialism’s geopolitical agenda in the Middle East. In 2012, Snowden said, the NSA’s Tailored Access Operations (TAO) hacking unit accidentally disabled large portions of Syria’s Internet during an operation that sought to install information-capturing software on the routers of a main Syrian service provider.

Western media dutifully reported at the time that the Internet shutdown was ordered by the Assad regime, which was and remains a primary target for overthrow by US and European imperialism.

Describing “one of the biggest abuses we’ve seen,” Snowden said that the US routinely transfers bulk communications data acquired from Palestinian and Palestinian- and Arab-American sources to Israeli intelligence in support of Israeli military operations targeting the Occupied Territories.

Moreover, a Snowden-leaked NSA document published earlier this month stated that through its collaboration with US intelligence and surveillance agencies, the Israeli regime “enjoys the benefits of expanded geographic access to world-class NSA crypto analytic and SIGINT engineering expertise, and also gains controlled access to advance US technology and equipment.” During Israel’s 2008-2009 military onslaught against Gaza, US and British intelligence provided Israel with reams of data captured from surveillance of Palestinian e-mail addresses and telephones, the document confirmed.

Speaking about the lies told by Director of National Intelligence (DNI) James Clapper during congressional testimony in the wake of the initial leaks, Snowden denounced the culture of deception and criminality that pervades the US government and ruling elite.

During the March 2013 hearing, DNI Clapper was asked, “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

In an absurd lie, repeated in one form or another by numerous top officials including President Barack Obama, Clapper answered, “No sir, not wittingly.”

Snowden correctly noted that Clapper’s brazen lying was merely standard operating procedure for top US officials. “He [DNI Clapper] saw deceiving the American people as what he does, as his job, as something completely ordinary. And he was right that he wouldn’t be punished for it, because he was revealed as having lied under oath and he didn’t even get a slap on the wrist for it. It says a lot about the system and a lot about our leaders,” Snowden said.

The interview provided an outline of Snowden’s career prior to 2013, which included significant high-level work on behalf of the Central Intelligence Agency (CIA) and NSA as an intelligence and technology specialist. During his years of employment by the government, Snowden attended a secret CIA school for tech experts and worked for the CIA’s global communications division as well as for the NSA office at the Yokota Air Base near Tokyo.

Snowden later held a position with Dell as its head technologist in relation to the CIA’s account with the company.

While working for the NSA contractor Booz Allen, Snowden worked to seize data from foreign service and inject malware into computer systems around the globe, he said. It was during this period that he became aware that the NSA was capturing and archiving huge amounts of US data, and doing so “without a warrant, without any requirement for criminal suspicion, probable cause, or individual designation.”

Snowden stressed the all-invasive character of the surveillance programs, stating categorically that the surveillance programs violate the Fourth Amendment.

“The argument [made by the US government] is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows. And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time,” Snowden said.

Responding to the interview, an official government statement reiterated the state’s longstanding demand for Snowden to return to the United States and face espionage charges in a US court.

“If Mr. Snowden wants to discuss his activities, that conversation should be held with the U.S. Department of Justice. He needs to return to the United States to face the charges against him,” the statement said.

During the interview, Snowden suggested that he might voluntarily accept a prison sentence as part of a deal with the US government allowing him to return home. While it is understandable that Snowden should seek every available means to avoid the fate of fellow whistleblower Pfc. Chelsea Manning, who was sentenced to 35 years in prison and abused for years prior to his trial, it is a dangerous delusion to believe that the US government can be negotiated with on this matter.

In compromising mass spying operations that are considered essential to the stability and security of the capitalist state, Snowden’s actions have provoked significant anxiety within ruling circles. As a result, the most powerful elements within the US establishment view Snowden as a hated and mortal enemy, and are determined to lock him up and throw away the key.

 

Leaked Docs Show Spyware Used to Snoop on U.S. Computers

Software created by the controversial U.K. based Gamma Group International was used to spy on computers that appear to be located in the United States.

Gamma group customer logs found in the leaked trove that was posted online by hackers. (Gerald Rich/ProPublica)

Software created by the controversial U.K. based Gamma Group International was used to spy on computers that appear to be located in the United States, the U.K., Germany, Russia, Iran and Bahrain, according to a leaked trove of documents analyzed by ProPublica.

It’s not clear whether the surveillance was conducted by governments or private entities. Customer email addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer and the Qatari government.

Countries With Computers Targeted by FinFisher
Bahrain
Belgium
Cyprus
Egypt
Germany
Iraq
Islamic Republic of Iran
Italy
Kuwait
Lebanon
Lithuania
Morocco
Netherlands
Qatar
Russian Federation
Saudi Arabia
Sweden
Switzerland
Thailand
Tunisia
United Arab Emirates
United Kingdom
United States
Yemen

The leaked files — which were posted online by hackers — are the latest in a series of revelations about how state actors including repressive regimes have used Gamma’s software to spy on dissidents, journalists and activist groups.

The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. “I think it’s highly unlikely that it’s a fake,” said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group’s software and who authored an article about the leak on Thursday.

The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events — such as the day that a particular Bahraini activist was hacked.

Gamma has not commented publicly on the authenticity of the documents. A phone number listed on a Gamma Group website was disconnected. Gamma Group did not respond to email requests for comment.

The leaked files contain more 40 gigabytes of confidential technical material including software code, internal memos, strategy reports and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets’ computers and cell phones.

A price list included in the trove lists a license of the software at almost $4 million.

The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer ‘exploits.’

Exploits include techniques called “zero days,” for “popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more.”Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.

Vupen has said publicly that it only sells its exploits to governments, but Gamma may have no such scruples. “Gamma is an independent company that is not bound to any country, governmental organisation, etc.,” says one file in the Gamma Group’s material. At least one Gamma customer listed in the materials is a private security company.

Vupen didn’t respond to a request for comment.

Many of Gamma’s product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated.

In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user’s machine, and found that it could not be blocked by most antivirus software.

Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft’s Bitlocker.

Mike Janke the CEO of Silent Circle said in an email “We have serious doubts about if they were going to be successful” in circumventing the phone software, and that they were working on bulletproofing their app.

Microsoft did not respond to a request for comment.

The documents also describe a “country-wide” surveillance product called FinFly ISP which promises customers the ability to intercept internet traffic and masquerade as ordinary websites in order to install malware on a target’s computer.

The most recent date-stamp found in the documents is August 2nd, which coincides with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack, and may be run by the hacker or hackers responsible for the leak.

On Reddit, a user called PhineasFisher claimed responsibility for the leak. “Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents,” the user wrote. The name on the @GammaGroupPR Twitter account is also “Phineas Fisher.”

GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company’s malware was used to target activists in Bahrain.

In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.

Senior reporter Julia Angwin and Jonathan Stray, special to ProPublica, contributed to this report.

 

http://www.propublica.org/article/leaked-docs-show-spyware-used-to-snoop-on-u.s.-computers?utm_source=et&utm_medium=email&utm_campaign=dailynewsletter

Google is crossing a slippery slope between privacy and spying.


Google Is Acting Like an Arm of the Surveillance State

http://www.liebenfels.com/wp-content/uploads/2012/09/The-surveillance-state.jpg

Convicted in 1994 of sexually assaulting a young boy, John Henry Skillern of Texas once again finds himself incarcerated and awaiting trial, this time for possession and production of child pornography. Skillern’s arrest comes courtesy of Google. Few, I expect, will shed tears for Skillern with respect to his alleged sexual predations. Nonetheless his case once more brings Google into the privacy spotlight, this time as an arm of “law enforcement.”

Google makes no secret of the fact that it “analyzes content” in emails sent and received by users of its Gmail service, mostly for purposes of targeting advertising to users most likely to click thru and buy things. That’s how Google makes money — tracking users of its “free” services, watching what they do, selling those users’ eyeballs to paying customers.

It’s also understood by most that Google will, as its privacy policy states, “share personal information … [to] meet any applicable law, regulation, legal process or enforceable governmental request.” If the cops come a-knocking with a warrant or some asserted equivalent, Google cooperates with search and seizure of your stored information and records of your actions.

But Google goes farther than that. Their Gmail program policies unequivocally state that, among other things, “Google has a zero-tolerance policy against child sexual abuse imagery. If we become aware of such content, we will report it to the appropriate authorities and may take disciplinary action, including termination, against the Google Accounts of those involved.”

As a market anarchist, my visceral response to the Skillern case is “fair cop – it’s in the terms of service he agreed to when he signed up for a Gmail account.”

But there’s a pretty large gap between “we’ll let the government look at your stuff if they insist” and “we’ll keep an eye out for stuff that the government might want to see.” The latter, with respect to privacy, represents the top of a very slippery slope.

How slippery? Well, consider Google’s interests in “geolocation” (knowing where you are) and  in “the Internet of Things”  (connecting everything from your toaster to your thermostat to your car to the Internet, with Google as middleman).

It’s not out of the question that someday as you drive down the road, Google will track you and automatically message the local police department if it notices you’re driving 38 miles per hour in a 35-mph speed zone.

Think that can’t happen? Think again. In many locales, tickets (demanding payment of fines) are already automatically mailed to alleged red-light scofflaws caught by cameras. No need to even send out an actual cop with pad and pen. It’s a profit center for government — and for companies that set up and operate the camera systems. In case you haven’t noticed, Google really likes information-based profit centers.

And keep in mind that you are a criminal. Yes, really. At least if you live in the United States. Per Harvey Silverglate’s book Three Felonies a Day, the average American breaks at least three federal laws in every 24-hour period. Want to bet against the probability that evidence of those “crimes” can be detected in your email archive?

To a large degree the Internet has killed our old conceptions of what privacy means and to what extent we can expect it. Personally I’m down with that — I’m more than willing to let Google pry into my personal stuff to better target the ads it shows me, in exchange for its “free” services. On the other hand I’d like some limits. And I think that markets are capable of setting those limits.

Three market limiting mechanisms that come to mind are “end to end” encryption, services for obfuscating geographic location and locating servers in countries with more respect for privacy and less fear of “big dog” governments like the United States. If Google can’t or won’t provide those, someone else will (actually a number of someones already are).

The standard political mechanism for reining in bad actors like Google would be legislation forbidding Internet service companies to “look for and report” anything to government absent a warrant issued on probable cause to believe a crime has been committed. But such political mechanisms don’t work. As Edward Snowden’s exposure of the US National Security Agency’s illegal spying operations demonstrates, government ignores laws it doesn’t like.

Instead of seeking political solutions, I suggest a fourth market solution: Abolition of the state. The problem is not so much what Google tracks or what it might want to act on. Those are all a matter of agreement between Google and its users. The bigger problem is who Google might report you TO.

Thomas L. Knapp is Senior News Analyst at the Center for a Stateless Society (c4ss.org).

http://www.alternet.org/civil-liberties/google-acting-arm-surveillance-state?paging=off&current_page=1#bookmark

New Snowden leak highlights collaboration between NSA and Israeli intelligence

http://freedomoutpost.com/wp-content/uploads/2013/09/6351465258074034484.jpg

By Nick Barrickman
6 August 2014

Documents leaked by former NSA contractor Edward Snowden highlight the extensive collaboration between the US National Security Agency (NSA) and Israel’s SIGINT National Unit (ISNU). The documents were published in the Intercept by journalist Glenn Greenwald.

One document, dated April 13, 2013, shows that the NSA works with ISNU to collect and analyze raw data, including data acquired from US citizens. According to the document, the NSA “maintains a far-reaching technical and analytic relationship with the Israeli SIGINT National Unit, sharing information on access, intercept, targeting, language, analysis and reporting.”

“This SIGINT relationship has increasingly been the catalyst for a broader intelligence relationship between the United States and Israel,” the document states.

“The Israeli side enjoys the benefits of expanded geographic access to world-class NSA crypto analytic and SIGINT engineering expertise, and also gains controlled access to advanced US technology and equipment via accommodation buys and foreign military sales,” the document states.

The same document shows that the NSA and the ISNU work together to acquire intelligence on targets in North Africa, the Middle East, the Persian Gulf, South Asia and the former Soviet Union, sharing “a dedicated communications line” for the “exchange of raw material, as well as daily analytic and technical correspondence.”

“The single largest exchange between NSA and ISNU is on targets in the Middle East which constitute strategic threats to US and Israeli interests…Within that set of countries, cooperation covers the exploitation of internal governmental, military, civil and diplomatic communications,” the document states.

Documents leaked by Snowden also expose the substantial support enjoyed by Israel from Western intelligence as it coordinates war crimes against the Palestinians.

During late 2008 and early 2009, as the Israel Defense Forces (IDF) subjected the Palestinian population to a massive terror campaign—codenamed Operation Cast Lead—US, British and Canadian intelligence engaged in extensive spying on specific email addresses and telephone numbers inside the Occupied Territories on behalf of the ISNU. GCHQ noted in an internal document that ISNU has “thanked us many times over” for intelligence provided during the assault on Gaza.

The documents also expose the joint efforts by the Israeli and US authorities to sabotage Iran’s uranium enrichment program and target the Assad regime in Syria. The document boasts that “NSA and ISNU continue to initiate joint targeting of Syrian and Iranian leadership and nuclear development programs with CIA, ISNU, SOD and Mossad. This exchange has been particularly important as unrest in Syria continues, and both sides work together to identify threats to regional stability.”

“NSA’s cyber partnerships expanded beyond ISNU to include Israeli Defense Intelligence’s SOD and Mossad, resulting in unprecedented access and collection breakthroughs that all sides acknowledge would not have been possible to achieve without the others,” the document states. “Target sets include, but are not limited to Iran Nuclear, Syrian Foreign Fighter movements, Lebanese Hizballah and Iranian Revolutionary Guard Corps activities.”

Another NSA document leaked by Snowden highlights the involvement of Jordan with the machinations of US imperialism throughout the region. According to the document, the Jordanian Electronic Warfare Directorate (EWD) has maintained a “well established, long-standing and trusted relationship dating back to the early 1980s” with the NSA.

The EWD provides US and Israeli authorities “high-interest, unique collection on targets of mutual interest, such as the Palestinian Security Forces,” the document states. “EWD is the sole contributor to a large body of NSA’s reporting on this target,”

Follow

Get every new post delivered to your Inbox.

Join 1,528 other followers