Title: Types of Surveillance Technology Currently Used by Governments and Corporations
1Types of Surveillance Technology Currently Used
by Governments and Corporations
- Jeffrey Aresty
- President, Internetbar.org
- www.internetbar.org
- www.cyberspaceattorney.com
- March 2006
2Introduction
- At present, users obtain various online
identities (IDs) from - E-mail
- ISPs
- URLs
- IDs function on the Internet in anonymous
spacean online ID does not actually identify
the person connected with the ID - Anonymity facilitates theft, fraud, and abuse
3Introduction
- In contrast, in the works are efforts to create a
new layer of identity - Focusing on the user, the new system would not
require multiple online IDs, but would be
characterized by a single sign-on - The system, called an open security, would be
more secure and trustworthy, reducing theft,
fraud, and abuse
4Introduction
- In part because we do not yet have security on
line, governments and corporations can, and do,
breach privacy with technology - Intrusions fall into two categories
- Cyberspace intrusions
- Breaches of privacy in the physical world
- Increasing capacity and tendency to use
technology to connect new and old technologies
for surveillance
5Real-World Technologies that Intrude on Privacy
- Cameras
- Eavesdropping
- Face-Recognition and other Biometrics
- No Fly and Similar Watch Lists
- Odor Prints
- Radiation Detection Technology
- RFID
- Smart Video Surveillance
6Cameras
- Cameras have been used for decades
- by governments
- to monitor traffic
- to detect and prevent crime
- by corporations
- to surveill private businesses
- to detect and prevent crime in retail
establishments
7Cameras
- In Britain,
- more than four million closed-circuit (CCTV)
cameras - 1,800 cameras in railway stations 6,000 in
underground train network and buses - CCTV tapes used in July 2005 London bombings
investigation - In US,
- 5,000 cameras in New York Citys transportation
systems - US Border Patrol uses Remote Video System (RVS)
along borders, costing over 64 million in FY2005 - Worldwide, video surveillance software sales in
2004 were 147 million expected to reach 642
million in 2009
8Eavesdropping
- US government has capacity and authority to
monitor e-mail, telephone, pager, wireless phone,
facsimile, computer, and other electronic
communications and communication devices - Court order is required except in emergencies and
cases of national security - In 2003, 1,442 wiretaps requested, all granted,
intercepting over four million conversations
9Eavesdropping
- National Security Agency (NSA) uses
Echelonglobal electronic eavesdropping system - Picks up telephone, e-mail, Internet upload
- Downloads communications transmitted by
satellite, microwave tower, cable - Information sifted by supercomputers for
terrorism information - Software-defined radio, a wireless technology,
makes cell phones and computers easier to bug and
makes intercepting device compatible with networks
10Face-Recognition and other Biometrics
- Biometric devices scan, record, and recognize
- Irises
- Voices
- Facial bone structure
- Improved picture quality technology enables
face-recognition software to inspect 1/400th of
facesize of pores - Infrared technology piggybacked onto
face-recognition software enables
three-dimensional map of face - Plans for US passports with face-recognition
biometrics and RFID chips - EU requires member states to have face biometrics
in passports in mid-2006
11Face-Recognition and other Biometrics
- In 2003, biometric face-recognition software
resulted in over 40 false positives - 4.7 billion industry in 2009
- Other biometrics
- below-skin fingerprints (capture swirling
patterns of capillaries) - palm scanners that read vein patterns
- iris scanners
- gait-recognition systems (measure torsos
silhouette and movement of shoulders and legs to
determine individual signature strides)
12No Fly and Similar Watch Lists
- In 2005, 12 separate lists maintained by nine US
governmental agencies - Confusion and lack of leadership in maintenance
of lists some lists outdated - List bloatlists become unreasonably large from
incentive to add names, sloppiness - Innocent individuals names appear
13No Fly and Similar Watch Lists
- Access to the lists curtailed in the name of
securitynearly impossible to discover if and why
a name is on the list, much less have it removed - Lists will connect with government-developed
Secure Flight - Related British government pressing for
creation of comprehensive electronic population
register
14Odor Prints
- Odor-printing technology is based on premise that
each human being has distinct set of odors that
could serve as an identifier
15Radiation Detection Technology
- US Customs and Border Protection (CBP) employs
radiation-detection technologies at official
entry points, including - Highly sensitive personal radiation detectors
- Radiation portal monitors
- Hand-held radiation isotope identifiers
16Radio Frequency Identification (RFID)
- Tiny computer chips use electromagnetic energy in
the form of radio waves to track things from a
distance - Nicknamed spychips
- Can travel through clothing, backpacks,
briefcases, wallets, walls, and windows without
obstruction, misorientation, or detection - RFID chips read and retain biometric information,
such as fingerprints and photographs
17Radio Frequency Identification (RFID)
- The RFID tag, in use in 2005, contains
- Tiny silicon computer chip with unique ID number
- Connected antenna
- RFID tag is
- Thumbnail size
- Affixed to plastic surface
- Paper thin
- Can be embedded into clothing label, where it is
virtually undetectable
18Radio Frequency Identification (RFID)
- Passive RFID tags do not have their own
internal power source, but communicate when a
reader seeks a signal from them - Active or self-powered RFID tags have a battery
attached and so can actively transmit
information - RFID reader emits radio waves, seeking out RFID
tags - RFID easily integrates into existing database
systems - Electronic Product Codeevery, single object on
Earth will have its own unique ID number
19Radio Frequency Identification (RFID)
- By 2005 embedded in some
- Worker uniforms
- Employee and student ID badges
- Toll transponders
- Animals (pets and livestock)
- Warehouse crates and pallets
- Gasoline cards
- Consumer products such as diapers and shampoo
- Library books
- Toll collection systems such as EZ-Pass
- Keyless remote systems for cars
- Keyless remote systems for garage door openers
20Radio Frequency Identification (RFID)
- Predicted to be embedded soon in
- Clothing
- Passports
- ATM cards
- Vehicles
- US postage stamps
- Paintings
- Beads
- Nails
- Wires
- Cash
21Radio Frequency Identification (RFID)
- VeriChipglass capsule containing RFID device
to be injected into human flesh for ID and
payment purposes - 60 persons in US had VeriChips at end of 2005
- Also, injected into deceased victims of Hurricane
Katrina - RFID is predicted to be used by
- Retailers to price products according to
customers purchase history and value to store - Pharmaceutical manufacturers on prescription
medications - Banks to identify and profile customers who enter
premises - Governments to
- electronically frisk citizens at invisible
checkpoints - track citizens in airports and border-crossing
points - track mail sent from point to point through
embedded postage stamps - track library materials
22Smart Video Surveillance
- Video surveillance combined with
behavior-recognition software - Uses computer to
- Learn what normal behavior is
- Identify unusual activity, such as shifting in
ones seat on a bus - Work in conjunction with other technology such as
facial-recognition systems
23Privacy Intrusions in Cyberspace
- Clickstream Data Analysis
- Cookies
- Man-in-the-Middle Attacks
- Pharming
- Phishing
- Spyware
- Voice Over Internet Protocols (VoIPs)
- Web Bugs
24Clickstream Data Analysis
- Logs of transactions recently performed on
Internet computers, such as - Addresses of computers that have made requests
- Date and time
- How computers services were used
- Which page was visited prior to entrance into
Website - How Website was exited
- Internet logs also called Clickstreams
- Can be used to prepare statistics about paths
taken and not taken by Internet users
25Cookies
- Small file placed and stored on users computer
by remote computer - Used to track information about how user moved
about Website - Which choices made
- Which links clicked
- User visits same Website again and cookie, now
written onto users computer, provides
information about users last visit - Cookies can be used to build user profiles
- Internet sites share cookie information with
others
26Man-in-the-Middle Attacks
- Computer security breach in which hacker
intercepts, reads, and alters data traveling
along network between two Websites - Also called TCP hijacking
27Pharming
- Hackers redirection of Internet traffic from one
Website to another - Second Website appears identical to legitimate
site - User is tricked into entering user name and
password into fake site - DNS poisoning or DNS cache poisoning used to
reroute user - Domain name systems servers corrupted
28Phishing
- Internet user receives e-mail appearing to be
legitimate and from reputable company, asking
user to reply with updated credit card
information - Clicking on link sends user to fake Website,
where user provides - Credit card information
- Date of birth
- Address
- Site password
- Social Security number
- Also called brand spoofing
- Puddle phishing is phishing specifically
targeting a small company, such as community bank
29Spyware
- Software that sends data about user when computer
is connected to the Internet
30Voice Over Internet Protocols (VoIPs)
- Method for speaking through computer by phone or
microphone - Analog voice signal converts to digital format
- Broadband networks transmit calls in Internet
Protocol (IP) packets - Also called Internet telephony
- VoIP vulnerable to eavesdropping
- A free Internet program captures and converts
transmissions to audio files
31Voice Over Internet Protocols (VoIPs)
- Is VoIP a communications service or information
service? - In 2005, FCC adopted rules requiring VoIP
providers to allow law enforcement to tap into
Internet phone calls - FBI has authority and ability to conduct
surveillance of broadband users pursuant to court
order
32Web Bugs
- Tiny, invisible image or graphic embedded into
HTML-formatted Website or e-mail message to track
users activities - Web bugs present as HTML IMG tags
- Provide Website owner with information about
hits, including - IP address of users computer
- Type of browser used
- Time of the hit
- Previously set cookies
- Also called HTML bugs or clear GIFs
33Connectors of Information
- Automated Targeting System
- Automatic Number Plate Recognition System
- CALEA Petition for Rulemaking
- Data Mining
- ID Cards
- Integrated Automated Fingerprint Identification
System - Multistate Anti-Terrorism Information Exchange
- Secure Flight and other Targeting Systems
- Sharing/Databases
- Terrorist Screening Database of the Terrorist
Screening Center - Total Information Awareness
- US-VISIT
34Automated Targeting System (ATS)
- US Customs and Border Protection technology
collects and analyzes cargo shipping data - Distinguishes and identifies high-risk shipments
35Automatic Number Plate Recognition System
(ANPR)
- Britains national database
- Each camera on a pole or in police van is
supported by a computer - Allows for automatic tracking
- Information obtained by camera immediately
cross-referenced with database - In 2006, information could be stored for two
years projected to be able to store for five
years
36CALEA Petition for Rulemaking
- In August 2005, FCC ruled that Internet broadband
access providers and certain VoIP service
providers must design networks to be
wiretap-friendly pursuant to Communications
Assistance for Law Enforcement Act (CALEA) of
1994
37Data Mining
- Computer systems that search numerous databases
for correlations between data - Currently used by corporations to determine
consumer preferences
38ID Cards
- Biometric ID cards to be issued starting in 2008
to voluntary participants in Britain would become
compulsory in 2013 - Cards contain
- Name
- Gender
- Date and place of birth
- Current and previous addresses
- Immigration status
- Chip containing
- Digital photo
- Fingerprints
- Iris scans
39Integrated Automated Fingerprint Identification
System (IAFIS)
- System electronically compares live-scanned
fingerprint with database of previously captured
fingerprints
40Multistate Anti-Terrorism Information Exchange
(MATRIX)
- Integration of factual, disparate data from
existing sources to Web-enabled storage
systems to identify and combat criminal activity - Includes
- Aircraft and other property ownership records
- Bankruptcy filings
- Corporate filings
- Criminal history records
- Digital photographs
- Drivers and pilots licenses
- State professional licenses
- State sexual offenders lists
- Terrorism watch lists
- UCC filings
- Vehicle registrations
41Secure Flight and other Targeting Systems
- Secure Flight passenger-screening program
- Computer-assisted passenger screening system that
searches databases, matches passenger against FBI
consolidated watch list, and rates passenger with
a threat level in red, yellow, or green - Based on tagging, passengers could be
scrutinized, interrogated, or detained - Might incorporate behavioral profiling
- Goal is to link in real time to video
imagesautomatic link between video of terrorist
suspect and watch list - Not yet approved in mid-2005
42Secure Flight and other Targeting Systems
- Border Patrol Targeting Systems Enhancement
- Over 20 million budgeted in US Department of
Homeland Security in 2005 - Seeks to develop and refine automated target
recognition systems using latest sensor
technology - Semantic Information Fusion
- Seeks to correlate disparate data about human
targets, including - Location
- Identity
- Behavior
- Creates composite description of a particular
situation - Uses linguistic information and physics-based
models of access, mobility, and visibility to
reconstruct past and infer current events
43Sharing/Databases
- Governments increasingly share citizens personal
information with each other and with the private
sector - Data . . . are tributaries flowing into one
giant river of databases. Lee Tien, Electronic
Frontier Foundation (Aug. 8, 2005)
44Terrorist Screening Database (TSDB) of the
Terrorist Screening Center (TSC)
- Aggregates numerous government watch-lists
- In 2005, TSDB had over 200,000 names, ranging
from known terrorists to persons suspected of
having some ties to terrorism - Each name receives one of 28 codes, describing
persons connection to terrorism - Names are categorized according to the actions
users should take when encountering someone on
list
45Total Information Awareness (TIA)
- Computer surveillance system proposed by
Department of Defense - Would have used data mining and networking to
connect sources of information including - Credit card purchases
- Bank transactions
- E-mail
- Shut down by Congress in 2003
46US-VISIT
- Project of US Department of Homeland Security to
develop biometric-enabled system for collecting,
maintaining, and exchanging information on
foreign nationals - 340 million budgeted for FY2005
47Conclusion
- Government and corporations are using many
technologies for surveillance, invading privacy
in cyberspace and in the real world - Do citizens and consumers care?
- What can we do to protect our privacy and to
manage our digital identities and digital
reputations?
48For more information
- Contact Jeffrey Aresty, President,
Internetbar.org, jaresty_at_cyberspaceattorney.com - Articles on privacy-invading technologies and
public attitudes toward privacy invasions are
available now - Article on digital identity will be available
soon