"On March 7, the US awoke to a fresh cache of internal CIA documents posted on WikiLeaks. They detail the spy organization’s playbook for cracking digital communications.

[...]

Snowden’s NSA revelations sent shockwaves around the world. Despite WikiLeaks’ best efforts at theatrics—distributing an encrypted folder and tweeting the password “SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds”—the Vault 7 leak has elicited little more than a shrug from the media and the public, even if the spooks are seriously worried. Maybe it’s because we already assume the government can listen to everything."

Source: https://qz.com/930512/the-most-striking-th...

We train the machine so well, and it's use so ubiquitous, that it can become invisible: Google is making CAPTCHAs invisible using "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats," Ars Technica reports. Emphasis added.

"The old reCAPTCHA system was pretty easy -- just a simple "I'm not a robot" checkbox would get people through your sign-up page. The new version is even simpler, and it doesn't use a challenge or checkbox. It works invisibly in the background, somehow, to identify bots from humans. [...] When sites switch over to the invisible CAPTCHA system, most users won't see CAPTCHAs at all, not even the "I'm not a robot" checkbox. If you are flagged as "suspicious" by the system, then it will display the usual challenges.
[...]
reCAPTCHA was bought by Google in 2009 and was used to put unsuspecting website users to work for Google. Some CAPTCHA systems create arbitrary problems for users to solve, but older reCAPTCHA challenges actually used problems Google's computers needed to solve but couldn't. Google digitizes millions of books, but sometimes the OCR (optical character recognition) software can't recognize a word, so that word is sent into the reCAPTCHA system for solving by humans. If you've ever solved a reCAPTCHA that looks like a set of numbers, those were from Google's camera-covered Street View cars, which whizz down the streets and identify house numbers. If the OCR software couldn't figure out a house number, that number was made into a CAPTCHA for solving by humans. The grid of pictures that would ask you to "select all the cats" was used to train computer image recognition algorithms."

Source: https://arstechnica.com/gadgets/2017/03/go...
Posted
AuthorJordan Brown

"WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. Password to the files is ' SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds'.

The documents reveal that the CIA worked with MI5 in the UK to infect Samsung smart TVs so their microphones could be turned on at will. Investigations were carried out into gaining control of modern cars and trucks, and there is even a specialized division of the CIA focused on accessing, controlling and exploiting iPhones and iPads. This and Android zero days enables the CIA to "to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied."

Source: https://www.wikileaks.org/ciav7p1/

"....As technology becomes smaller, the way we carry it has progressed from luggable, to wearable and now towards devices that reside inside the human body, or insertables. This trend is particularly observable in many medical devices, such as pacemakers that were once large stand-alone devices and are now completely inserted into the body. We are now seeing a similar trajectory with non-medical systems. While people once carried keys to open office doors, these have been mostly replaced with wearable access dongles, worn around the neck or clipped to clothing. Some individuals have voluntarily taken the technology from these dongles and inserted it directly into their body. In this paper we introduce insertables as a new interaction device of choice and provide a definition of insertables, classifying emerging and near future devices as insertables. This paper demonstrates this trajectory towards devices inside the human body, and carves out insertables as a specific subset of devices which are voluntary, non-surgical and removable."

Read more at http://www.firstmonday.dk/ojs/index.php/fm/article/view/6214/5970

Posted
Authoralexanderhayes
Categoriesinsertables

"If you pull out your phone to check Twitter while waiting for the light to change, or read e-mails while brushing your teeth, you might be what the American Psychological Association calls a “constant checker.” And chances are, it’s hurting your mental health.

Last week, the APA released a study finding that Americans were experiencing the first statistically significant stress increase in the survey’s 10-year history. In January, 57 percent of respondents of all political stripes said the U.S. political climate was a very or somewhat significant source of stress, up from 52 percent who said the same thing in August. On Thursday, the APA released the second part of its 1 findings, “Stress In America: Coping With Change,” examining the role technology and social media play in American stress levels.

Social media use has skyrocketed from 7 percent of American adults in 2005 to 65 percent in 2015. For those in the 18-29 age range, the increase is larger, from 12 percent to a remarkable 90 percent. But while an increase in social media usage is hardly surprising, the number of people who just can’t tear themselves away is stark: Nowadays, 43 percent of Americans say they are checking their e-mails, texts, or social media accounts constantly. And their stress levels are paying for it: On a 10-point scale, constant checkers reported an average stress level of 5.3. For the rest of Americans, the average level is a 4.4.

If the first step toward recovery, however, is admitting there is a problem, Americans are on their way. Some 65 percent of respondents said “unplugging” or taking a “digital detox” is important. But alas, knowing you have a problem is not the same as fixing it: Only 28 percent of those Americans say they take their own advice." 

Source: https://www.bloomberg.com/news/articles/20...
Posted
AuthorJordan Brown

"General Electric will put cameras, microphones, and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of "smart city" tools GE says can help monitor traffic and pinpoint crime, but raising potential privacy concerns.

Based on technology from GE's Current division, Intel and AT&T, the system will use sensing nodes on light poles to locate gunshots, estimate crowd sizes, check vehicle speeds and other tasks, GE and the city said on Wednesday. The city will provide the data to entrepreneurs and students to develop applications.

Companies expect a growing market for such systems as cities seek better data to plan and run their operations. San Diego is a test of "Internet of things" technology that GE Current provides for commercial buildings and industrial sites.

San Diego's city council approved the lighting in December, without discussion of potential privacy issues raised by the surveillance system, and no objections arose during a pilot that began in 2014 in downtown San Diego, Lebron said.

"It's anonymous data with no personal identifiers," she said. Video is not as detailed as security camera footage.

The San Diego Police Department already uses ShotSpotter, a gunfire detection system, to help solve crimes, Lebron said. San Francisco, Chicago and more than 40 other cities use ShotSpotter, according to the company's website.

GE hopes cities will make the data available to businesses. Current's data and open software platform should allow programmers to develop applications, said John Gordon, chief digital officer at GE Current: "Everything from traffic and parking problems to finding the quietest way to walk home and have a cell phone conversation."

Source: http://fortune.com/2017/02/22/san-diego-ge...

"A German government watchdog has ordered parents to “destroy” an internet-connected doll for fear it could be used as a surveillance device. According to a report from BBC News, the German Federal Network Agency said the doll (which contains a microphone and speaker) was equivalent to a “concealed transmitting device” and therefore prohibited under German telecom law.

The doll in question is “My Friend Cayla,” a toy which has already been the target of consumer complaints in the EU and US. In December last year, privacy advocates said the toy recorded kids’ conversations without proper consent, violating the Children’s Online Privacy Protection Act.

Cayla uses a microphone to listen to questions, sending this audio over Wi-Fi to a third-party company (Nuance) that converts it to text. This is then used to search the internet, allowing the doll to answer basic questions, like “What’s a baby kangaroo called?” as well as play games. In addition to privacy concerns over data collection, security researchers found that Cayla can be easily hacked. The doll’s insecure Bluetooth connection can be compromised, letting a third party record audio via the toy, or even speak to children using its voice.

Although the FTC has not yet taken any action against Cayla or its makers Manufacturer Genesis Toys, German data and privacy laws are more stringent than those in America. The legacy of the Stasi, the secret police force that set up one of the most invasive mass-surveillance regimes ever in Communist East Germany, has made the country’s legislators vigilant against such infringements."

Source: http://www.theverge.com/2017/2/17/14647280...
Posted
AuthorJordan Brown

"When you browse online for a new pair of shoes, pick a movie to stream on Netflix or apply for a car loan, an algorithm likely has its word to say on the outcome.

The complex mathematical formulas are playing a growing role in all walks of life: from detecting skin cancers to suggesting new Facebook friends, deciding who gets a job, how police resources are deployed, who gets insurance at what cost, or who is on a "no fly" list.

Algorithms are being used—experimentally—to write news articles from raw data, while Donald Trump's presidential campaign was helped by behavioral marketers who used an algorithm to locate the highest concentrations of "persuadable voters."

But while such automated tools can inject a measure of objectivity into erstwhile subjective decisions, fears are rising over the lack of transparency algorithms can entail, with pressure growing to apply standards of ethics or "accountability."
 

Data scientist Cathy O'Neil cautions about "blindly trusting" formulas to determine a fair outcome.

"Algorithms are not inherently fair, because the person who builds the model defines success," she said.

O'Neil argues that while some algorithms may be helpful, others can be nefarious. In her 2016 book, "Weapons of Math Destruction," she cites some troubling examples in the United States:

- Public schools in Washington DC in 2010 fired more than 200 teachers—including several well-respected instructors—based on scores in an algorithmic formula which evaluated performance.

- A man diagnosed with bipolar disorder was rejected for employment at seven major retailers after a third-party "personality" test deemed him a high risk based on its algorithmic classification.

- Many jurisdictions are using "predictive policing" to shift resources to likely "hot spots." O'Neill says that depending on how data is fed into the system, this could lead to discovery of more minor crimes and a "feedback loop" which stigmatizes poor communities.

- Some courts rely on computer-ranked formulas to determine jail sentences and parole, which may discriminate against minorities by taking into account "risk" factors such as their neighborhoods and friend or family links to crime.

- In the world of finance, brokers "scrape" data from online and other sources in new ways to make decisions on credit or insurance. This too often amplifies prejudice against the disadvantaged, O'Neil argues.

Her findings were echoed in a White House report last year warning that algorithmic systems "are not infallible—they rely on the imperfect inputs, logic, probability, and people who design them."

Source: https://phys.org/news/2017-02-algorithms-s...

"Researchers at Stanford and Princeton universities have found a way to connect the dots between people’s private online activity and their Twitter accounts—even for people who have never tweeted.

When the team tested the technique on 400 real people who submitted their browsing history, they were able to correctly pick out the volunteers’ Twitter profiles nearly three-quarters of the time.

Here’s how the de-anonymization system works: The researchers figured that a person is more likely to click a link that was shared on social media by a friend—or a friend of a friend—than any other random link on the internet. (Their model controls for the baseline popularity of each website.) With that in mind, and the details of an anonymous person’s browser history in hand, the researchers can compute the probability that any one Twitter user created that browsing history. People’s basic tendency to follow links they come across on Twitter unmasks them—and it usually takes less than a minute.

“You can even be de-anonymized if you just browse and follow people, without actually sharing anything.”

Source: https://www.theatlantic.com/technology/arc...

"R&D company Draper is developing an insect control "backpack" with integrated energy, guidance, and navigation systems, shown here on a to-scale dragonfly model.

To steer the dragonflies, the engineers are developing a way of genetically modifying the nervous system of the insects so they can respond to pulses of light. Once they get it to work, this approach, known as optogenetic stimulation, could enable dragonflies to carry payloads or conduct surveillance..."

Source: http://spectrum.ieee.org/automaton/robotic...

"The Pentagon may soon be unleashing a 21st-century version of locusts on its adversaries after officials on Monday said it had successfully tested a swarm of 103 micro-drones.

The important step in the development of new autonomous weapon systems was made possible by improvements in artificial intelligence, holding open the possibility that groups of small robots could act together under human direction.

Military strategists have high hopes for such drone swarms that would be cheap to produce and able to overwhelm opponents' defenses with their great numbers.

The test of the world's largest micro-drone swarm in California in October included 103 Perdix micro-drones measuring around six inches (16 centimeters) launched from three F/A-18 Super Hornet fighter jets, the Pentagon said in a statement.

"The micro-drones demonstrated advanced swarm behaviors such as collective decision-making, adaptive formation flying and self-healing," it said.

"Perdix are not pre-programmed synchronized individuals, they are a collective organism, sharing one distributed brain for decision-making and adapting to each other like swarms in nature," said William Roper, director of the Pentagon's Strategic Capabilities Office. "Because every Perdix communicates and collaborates with every other Perdix, the swarm has no leader and can gracefully adapt to drones entering or exiting the team."

Defense Secretary Ash Carter—a technophile and former Harvard professor—created the SCO when he was deputy defense secretary in 2012.

The department is tasked with accelerating the integration of technological innovations into the US weaponry.

It particularly strives to marry already existing commercial technology—in this case micro-drones and artificial intelligence software—in the design of new weapons.

Originally created by engineering students from the Massachusetts Institute of Technology in 2013 and continuously improved since, Perdix drones draw "inspiration from the commercial smartphone industry," the Pentagon said."

Source: http://phys.org/news/2017-01-pentagon-succ...
Posted
AuthorJordan Brown

"Late last year, you were introduced to real, live, remote-controlled cockroaches. Well, the insect hackers at the North Carolina State University are at it again, this time with a Microsoft Kinect and a software program that can boss the bugs around without human input. In other words, we have successfully co-opted cockroach sovereignty — and given it to the machines.

The goal is to ultimately use this kind of technology to create armies of biobots capable of things bio-inspired robots can only dream of.

Now, instead of those impulses being controlled remotely by a human, they’re tapped into the software program, which takes cues from the Xbox Kinect’s tracking data. If the cockroach veers away from the target, the Kinect observes the change and relays it to the software, which in turn makes a split-second decision about how much correctional impulse should be sent to the roach. Longer stimulation is designed to produce more drastic correction, just like pulling hard on a steering wheel.

The results are pretty impressive. Their previous work with remote control yielded only about a 10 per cent success rate, but the new technology has bumped them up to 27 per cent. You can see it for yourself below with a roach that really seems to want nothing in the world but to turn right."

Source: http://www.slate.com/blogs/future_tense/20...
Posted
AuthorJordan Brown

"Could flashing the "peace" sign in photos lead to fingerprint data being stolen? Research by a team at Japan's National Institute of Informatics (NII) says so, raising alarm bells over the popular two-fingered pose. Fingerprint recognition technology is becoming widely available to verify identities, such as when logging on to smartphones, tablets and laptop computers. But the proliferation of mobile devices with high-quality cameras and social media sites where photographs can be easily posted is raising the risk of personal information being leaked, reports said. The NII researchers were able to copy fingerprints based on photos taken by a digital camera three meters (nine feet) away from the subject."

Source: https://phys.org/news/2017-01-japan-finger...
Posted
AuthorJordan Brown

"It comes as no surprise to any Facebook user that the social network gathers a considerable amount of information based on their actions and interests. But according to a report from ProPublica, the world’s largest social network knows far more about its users than just what they do online.

What Facebook can’t glean from a user’s activity, it’s getting from third-party data brokers. ProPublica found the social network is purchasing additional information including personal income, where a person eats out and how many credit cards they keep.

That data all comes separate from the unique identifiers that Facebook generates for its users based on interests and online behavior. A separate investigation by ProPublica in which the publication asked users to report categories of interest Facebook assigned to them generated more than 52,000 attributes.

The data Facebook pays for from other brokers to round out user profiles isn’t disclosed by the company beyond a note that it gets information “from a few different sources.” Those sources, according to ProPublica, come from commercial data brokers who have access to information about people that isn’t linked directly to online behavior."

From ProPublica:

"When asked this week about the lack of disclosure, Facebook responded that it doesn’t tell users about the third-party data because it’s widely available and was not collected by Facebook.

Facebook has been working with data brokers since 2012 when it signed a deal with Datalogix. This prompted Chester, the privacy advocate at the Center for Digital Democracy, to file a complaint with the Federal Trade Commission alleging that Facebook had violated a consent decree with the agency on privacy issues. The FTC has never publicly responded to that complaint and Facebook subsequently signed deals with five other data brokers.

Oracle’s Datalogix provides about 350 types of data to Facebook."

Source: http://www.ibtimes.com/facebook-privacy-so...
Posted
AuthorJordan Brown
You have the right to remain silent — but your smart devices might not.

Amazon’s Echo and Echo Dot are in millions of homes now, with holiday sales more than quadrupling from 2015. Always listening for its wake word, the breakthrough smart speakers boast seven microphones waiting to take and record your commands.

Now, Arkansas police are hoping an Echo found at a murder scene in Bentonville can aid their investigation.

First reported by The Information, investigators filed search warrants to Amazon, requesting any recordings between November 21 and November 22, 2015, from James A. Bates, who was charged with murder after a man was strangled in a hot tub.

While investigating, police noticed the Echo in the kitchen and pointed out that the music playing in the home could have been voice activated through the device. While the Echo records only after hearing the wake word, police are hoping that ambient noise or background chatter could have accidentally triggered the device, leading to some more clues.

Amazon stores all the voice recordings on its servers, in the hopes of using the data to improve its voice assistant services. While you can delete your personal voice data, there’s still no way to prevent any recordings from being saved on a server.

[...]

Even without Amazon’s help, police may be able to crack into the Echo, according to the warrant. Officers believe they can tap into the hardware on the smart speakers, which could “potentially include time stamps, audio files or other data.”

The investigation has focused on other smart devices as well. Officers seized Bates’ phone but were unable to break through his password, which only served to delay the investigation.

”Our agency now has the ability to utilize data extraction methods that negate the need for passcodes and efforts to search Victor and Bates’ devices will continue upon issuance of this warrant.”

Police also found a Nest thermostat, a Honeywell alarm system, wireless weather monitoring in the backyard and WeMo devices for lighting at the smart home crime scene.

Ultimately, it might have been information from a smart meter that proved to be the most useful. With every home in Bentonville hooked up to a smart meter that measures hourly electricity and water usage, police looked at the data and noticed Bates used an “excessive amount of water” during the alleged drowning.
Source: https://www.cnet.com/uk/news/police-reques...
First came the assault on privacy. Name, address, telephone, DOB, SSN, physical description, friends, family, likes, dislikes, habits, hobbies, beliefs, religion, sexual orientation, finances, every granular detail of a person’s life, all logged, indexed, analyzed and cross-referenced. Then came the gathering of location and communication data. Cell phones, apps, metro cards, license plate readers and toll tags, credit card use, IP addresses and authenticated logins, tower info, router proximity, networked “things” everywhere reporting on activity and location, astoundingly accurate facial recognition mated with analytics and “gigapixel” cameras and, worst of all, mindlessly self-contributed posts, tweets, and “check-ins,” all constantly reporting a subject’s location 24-7-365, to such a degree of accuracy that “predictive profiling” knows where you will likely be next Thursday afternoon. Today we are experiencing constant efforts to shred anonymity. Forensic linguistics, browser fingerprinting, lifestyle and behavior analysis, metadata of all types, HTML5, IPv6, and daily emerging “advances” in surveillance technologies - some seemingly science fiction but real - are combining to make constant, mobile identification and absolute loss of anonymity inevitable. And, now, predictably, the final efforts to homogenize: the “siloing” and Balkanization of the Internet. As Internet use becomes more and more self-restricted to a few large providers, as users increasingly never leave the single ecosystem of a Facebook or a Google, as the massive firehose of information on the Internet is “curated” and “managed” by persons who believe that they know best what news and opinions you should have available to read, see, and believe, the bias of a few will eventually determine what you believe. What is propaganda? What is truth? You simply won’t know. In a tradition dating back to the first HOPE conference, for three full hours Steven Rambam will detail the latest trends in privacy invasion and will demonstrate cutting-edge anonymity-shredding surveillance technologies. Drones will fly, a “privacy victim” will undergo digital proctology, a Q&A period will be provided, and fun will be had by all.
Source: https://www.youtube.com/watch?v=FHwl6AyL6j...
You could be on a secret government database or watch list for simply taking a picture on an airplane. Some federal air marshals say they’re reporting your actions to meet a quota, even though some top officials deny it.

The air marshals, whose identities are being concealed, told 7NEWS that they’re required to submit at least one report a month. If they don’t, there’s no raise, no bonus, no awards and no special assignments.

”Innocent passengers are being entered into an international intelligence database as suspicious persons, acting in a suspicious manner on an aircraft ... and they did nothing wrong,” said one federal air marshal.
Source: http://www.thedenverchannel.com/news/marsh...

"Foreign travelers arriving in the United States on the visa waiver program have been presented with an "optional" request to "enter information associated with your online presence," a government official confirmed Thursday. The prompt includes a drop-down menu that lists platforms including Facebook, Google+, Instagram, LinkedIn and YouTube, as well as a space for users to input their account names on those sites. The new policy comes as Washington tries to improve its ability to spot and deny entry to individuals who have ties to terrorist groups like the Islamic State. But the government has faced a barrage of criticism since it first floated the idea last summer. The Internet Association, which represents companies including Facebook, Google and Twitter, at the time joined with consumer advocates to argue the draft policy threatened free expression and posed new privacy and security risks to foreigners. Now that it is final, those opponents are furious the Obama administration ignored their concerns. The question itself is included in what's known as the Electronic System for Travel Authorization, a process that certain foreign travelers must complete to come to the United States. ESTA and a related paper form specifically apply to those arriving here through the visa-waiver program, which allows citizens of 38 countries to travel and stay in the United States for up to 90 days without a visa."

Source: http://www.politico.com/story/2016/12/fore...

"Earlier this year, [ZDNet was] sent a series of large, encrypted files purportedly belonging to a U.S. police department as a result of a leak at a law firm, which was insecurely synchronizing its backup systems across the internet without a password. Among the files was a series of phone dumps created by the police department with specialist equipment, which was created by Cellebrite, an Israeli firm that provides phone-cracking technology. We obtained a number of these so-called extraction reports. One of the more interesting reports by far was from an iPhone 5 running iOS 8. The phone's owner didn't use a passcode, meaning the phone was entirely unencrypted. The phone was plugged into a Cellebrite UFED device, which in this case was a dedicated computer in the police department. The police officer carried out a logical extraction, which downloads what's in the phone's memory at the time. (Motherboard has more on how Cellebrite's extraction process works.) In some cases, it also contained data the user had recently deleted. To our knowledge, there are a few sample reports out there floating on the web, but it's rare to see a real-world example of how much data can be siphoned off from a fairly modern device. We're publishing some snippets from the report, with sensitive or identifiable information redacted."

Source: http://www.zdnet.com/article/israeli-firm-...