Category Archives: Surveillance Capitalism

Boiling Privacy Frogs

I really wish that I understood more about psychology and the human condition. The behaviour that puzzles me over and over again and for which I have no explanation is our ability to observe something happening that is detrimental to us in every way and yet do nothing.

It is the “Boiling Frog Phenomenon”, allegedly a 19th century science experiment in which a frog was placed in a pan of boiling water and quickly jumped out. However, when the frog was put in cold water and the water was slowly brought to the boil, the frog did not perceive the danger and just boiled to death. The hypothesis is that the change in temperature was so gradual that the frog did not realize it was boiling to death.

To demonstrate the same effect in the debate over privacy, surveillance and unwarranted government intrusion, just trace the evolving public attitude to J. Edgar Hoover’s Subversive Files, COINTELPRO, The Iraq WMD Lie, Snowden & PRISM, and WikiLeaks Vault 7.

I have come to the conclusion that in relation to our right to privacy that we are all frogs in tepid water, the temperature of which is starting to rise rapidly, and we have no intention of jumping out.

ENDS

The Laurel & Hardy of Cybersecurity

When Turnbull and Brandis shuffle off to some home for the bewildered in a few years it is all of us that will be left with the legacy of their carry-on.

Here are some of the victories that these two beauties have presided over, and they don’t even know how it works, not even a little bit:

In an effort to drag the continent out from under the “stupid boy” stereotype, the Lowy Institute for International Policy has just attempted to polish a turd by proposing that despite everything “Australia might be on the right encryption-cracking track” after all.

“From a cyber security perspective, as Patrick Gray has pointed out, sufficient safeguards could be placed around these ‘updates’ to ensure that they couldn’t be reverse engineered – they wouldn’t need to be a ‘backdoor,’ open to abuse. And by focusing on a device rather than a specific app, the displacement effect, so obvious in focusing government efforts on just What’s App or Telegram, would not apply.

In theory then, this model appears promising. How closely it aligns with the legislation promised by Turnbull and George Brandis last week remains to be seen. But whichever legislative model Australia pursues, its progress will be watched closely by governments across the world. And of course, by a whole host of technology and communications companies.

Recent developments suggest that underneath the techno-babble, political point scoring and counter-terrorism blame game, governments the world over are faced by a very real policy problem. Australia may prove to be the test case for a policy solution that has far reaching consequences for privacy, technological development and the future of law enforcement operations.”

Try again gents.

ENDS

Australia Is A Proxy War for the Five Eyes & Also Hogwarts

The Aussie government is pushing a Five Eyes agenda. Australia seems to have become a proxy war in the ongoing assault on privacy. They are to the Surveillance Wars what Yemen is to the Saudi-Iran ideological conflict. It is always a good idea to vary the cast but in reality they are May acolytes. A testing ground.

The amount of nonsense emanating from the encryption debate Down Under though is astonishing. If you have not been keeping up to speed with some of the recent comments down under then here is a quick recap for you:

  1. The George Brandis metadata interview;
  2. George again (36th Attorney-General for Australia) and the summary of his “over a cuppa” conversation with the GCHQ chappie on the feasibility of reading messages sent by platforms implementing end to end encryption such as WhatsApp and Signal – “Last Wednesday I met with the chief cryptographer at GCHQ … And he assured me that this was feasible.”;
  3. Malcolm Turnbull (the Prime Minister) and his alternative theory on the exceptional laws that govern Australian reality: “Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia”;
  4. And a much more eloquent articulation by Troy Hunt of the whole phenomenon: “Firstly, a quick apology from Australia: we’re sorry. Look, our Prime Minister and Attorney General didn’t try to launch us onto the World Encryption Comedy Stage but unfortunately, here we are.”

In an effort to find something of the same equivalence on the stupidity index as 1-3 above I chose to google “Harry Potter and places where the laws of mathematics do not apply, excluding Australia and Hogwarts”.

One of the things that I found in the search results was the perfectly reasonable comment by a HP fan on a Reddit forum that “Gamp’s Laws of Transfiguration and the Fundamental Laws of Magic spring to mind, they’re pretty much what you can and can’t do with magic. They’re a lot like Newton’s Laws in that they both deal with nature.”

This guy really meant it and so did the other guys he was chatting with. They all really, really believed or rather really, really wanted to believe that it was all real and true and factual.

Just like Brandis and Turnbull believe.

Totally lost in a universe of their own creation where mathematics and people work differently.

And then I found a scholarly dissertation by Shevaun Donelli O’Connell of Indiana University of Pennsylvania titled “Harry Potter and the Order of the Metatext: A Study of Nonfiction Fan Compositions and Disciplinary Writing” which said on P.24 that “I already knew that Harry Potter was an important part of my relationships with my family and friends, but increasingly I realized that Harry Potter metaphors and analogies were working their way into my thinking and teaching about writing.”

And there it was. The struggle is real. It seems many, many people are having trouble distinguishing fantasy from reality.

Christ help us when VRSNs arrive on the scene.

ENDS

The CIA Dark Triad – Windows, macOS & Linux

According to the WikiLeaks Vault 7 dump the CIA deploys malware that includes the capability to hack, remotely view and/or clone devices running the Windows, macOS, and Linux operating systems.

This seems to suggest that the agency has no problem bypassing encryption, proxies and VPNs, and that Tor anonymity is a myth.

This does not mean that each of the point solutions offering a product under each of the above headings has been compromised. Rather it means that the OS level hack capability of the CIA – as seen on iOS and Android – allows them to gain full control of the device and render any point solution countermeasures moot.

Therefore they subvert the platform which by extension means that anything that is running on the platform is subverted.

Tablet, laptop, smart-phone, AV device – it seems they are all fair game and in that case so is everything that you do on them.

You have been warned.

You are being watched.

ENDS

Mass Surveillance & The Oxford Comma Analogy

Acknowledgments, Contributions & References: This blog post was written in collaboration with and using contributions from Mr. Dean Webb (find Dean’s profile on PeerLyst). The clever and insightful bits are all Dean, the space fillers and punctuation are mine – except the “Oxford Comma” analogy, which even though it is lifted from @Grammarly on Twitter, is mine – and I like it (a lot). Enjoy.

Who Do We Like, Who Do We Dislike (Today)

Wearable tech is on its way, for surveillance during times when one is away from the vidscreen. But we need this stuff in order to protect against Eurasia. We have always been at war with Eurasia. We will always be at war with Eurasia until 20 January, at noon. Then we will always have been at war with Eastasia. And then we will need all this stuff to protect against Eastasia.

On a more serious note, anonymity has been dead for quite some time. As an example, about 10 years ago Dean Webb was running a web forum for students involved in an academic competition.

He and other teachers had volunteered to be admins for the board. They had a student that began to harass others on the board and post some highly inappropriate material. They banned his account, and he would connect again with another account.

So, Dean took down the IP addresses he’d used for his accounts and did a quick lookup on their ownership. They were at a certain university, so he contacted that university with the information and the times of access and they were able to determine which student was involved.

He was told to stop posting, or face discipline at the university. That got him to stop.

Simple Methods, Complex Implications

The point is that an IP address and a timestamp are, for most people, going to be what gets them in the end. They don’t know a VPN from a hole in the ground, let alone what a Tor node is.

At best, most of them will use a browser in anonymous / incognito mode, without realising that cookies are still retained and updated, credit card transactions remain on the record, and ISPs will still retain IP address information with timestamps.

It could be argued that a Layer 2 hijacking of someone else’s line is the way to go anonymously, but that involves a physical alteration of someone’s gear, and that means physical evidence, which is very difficult to erase completely.

Even if anonymity is not completely dead (mostly dead, perhaps?), it is certainly outside the reach of most people because they lack general IT knowledge about the basics of the Internet.

I (Graham) was met with the following comment when I posted a tweet some time before Xmas 2016 about Identity Theft:

“despite the hysteria the theft of most peoples personal information is / will be inconsequential”

The use of the word “inconsequential” by the commenter on my post reminded me of the hilarious Doctor Evil therapy session monologue in the Austin Powers movie when Doctor Evil stated, when asked about his life, that “the details of my life are quite inconsequential”. But 60 seconds of monologue later it was quite clear that they were far from “inconsequential” – it is a matter of perspective as to what is and what is not. That is the problem. And that is the potential worry.

Threat Awareness & Counter Measures

The vast majority of people and their browsing habits are innocuous. The point that the comment misses, and which Dean makes in his remarks about the average John Q. Citizen’s awareness of the threats and the countermeasures available, is that the public in general has moved its private communications onto a platform where it does not understand the implications of outsiders being able to eavesdrop, or to store data and reference it at a future point.

There was a blog post I (Graham) made some time ago about the risk of “profiling” and of “false positives” and the threat that they posed especially with respect to miscarriages of justice. (See “The Sword of Islam” story below)

The point is not whether “the theft of most peoples personal information is / will be inconsequential” or the storage of most peoples browsing history or contacts with other parties is / will be inconsequential or not – the point is that it can be made to look very different to what was actually happening originally.

Like a misquoted partial comment in a newspaper article – actions taken out of context can look very different.

The Oxford Comma Analogy

Recently I posted a tweet about the Oxford comma and it does indirectly inform the point that I am trying to make here:

Excerpt begins from Grammarly

“Unless you’re writing for a particular publication or drafting an essay for school, whether or not you use the Oxford comma is generally up to you. However, omitting it can sometimes cause some strange misunderstandings.

“I love my parents, Lady Gaga and Humpty Dumpty.”

Without the Oxford comma, the sentence above could be interpreted as stating that you love your parents, and your parents are Lady Gaga and Humpty Dumpty. Here’s the same sentence with the Oxford comma:

“I love my parents, Lady Gaga, and Humpty Dumpty.”

Those who oppose the Oxford comma argue that rephrasing an already unclear sentence can solve the same problems that using the Oxford comma does. For example:

“I love my parents, Lady Gaga and Humpty Dumpty.”

could be rewritten as:

“I love Lady Gaga, Humpty Dumpty and my parents.”

Excerpt Ends

The analogy serves to demonstrate one of the main concerns of mass surveillance and mass retention of user data. People are now being profiled and tracked and their behaviours stored and analysed and they do not know why or by whom or for what purpose – they barely understand how to use a browser.

In the wrong hands that potentially makes them cannon fodder. Accuse me of being alarmist and dramatic – fair enough – so did everyone four years ago when I wrote about mass immigration as a weapon, the rise of radical Islam and the dangers of the USA supporting a sectarian Shi’a government in Baghdad, the marginalisation of Sunnis and the Ba’ath party, the randomness of the Arab Spring, the threat of Libya turning into a terrorist haven and so on.

The point is people ignore these developments at their peril but you may as well be talking to a concrete block. You can make all the compelling philosophical points that you like to someone but if they do not have the capacity to understand them then you are wasting your time.

And most of our politicians fall into that category.

Mass Profiling, Mass Surveillance Will Be Inconsequential Until It Isn’t

Dean once met a man named Saifal Islam. He has a devil of a time getting on an airplane because a terror group has the same name – “Sword of Islam”.

He is constantly explaining that the man (him) isn’t the group (them) and that he’s had his name longer than they’ve had theirs. That, yes, the group (them) should be banned from getting on airplanes, but that, no, the man (him) should be allowed on the plane.

Hell of a false positive, and that’s not the only one. Mismatches on felon voting lists, warrants served to the wrong address for no-knock police invasions, people told that they can’t renew driver’s licenses because they’re dead, the list goes on.

Be happy in the knowledge though that your data is apparently “inconsequential” and this privacy debate and the growing intrusion on your personal life is all “hysterical” alarmism.

You can use that statement when you are in the dock defending your very own hysterical “false positive” – no charge.

The next post will be “KarmaWare & Thieves of Thoughts” again in collaboration with Mr. Dean Webb.

ENDS

Orwell 4.0: The Stealth Advance of Kinematic Fingerprinting & Emotion Detection for Mass Manipulation

I increasingly find myself developing a “Luddite” mindset where unregulated VRSNs are concerned. Digital footprinting is becoming passé. The core toolset of mass surveillance is beginning a fundamental shift whose focus is less about observation than it is about manipulation. I like to call it “Orwell 4.0”.

The “interpretative” and retrospective analysis of fibre optic intercepts, metadata, watchwords and data mining for pattern matches in legacy (cubed), “delayed” time or real time data to establish probabilities of certain types of subject behaviours is being augmented by Kinematic Fingerprinting, Biophysical Activity (and the sub-field of Thought Recognition), Emotion Detection, and Behavioural Biometrics.

[Data collection / mining apps in use by Alphabet Agencies have been well covered on this blog and include XKeyscore;  PRISM; ECHELON; Carnivore; DISHFIRE; STONEGHOST; Tempora; Frenchelon; Fairview; MYSTIC; DCSN; Boundless; Informant; BULLRUN; PINWALE; Stingray; SORM; DANCINGOASIS; SPINNERET; MOONLIGHTPATH; INCENSER; AZUREPHOENIX] 

A sort of post-Orwellian “Big Bro” application of subliminal advertising is emerging, but this time round the subliminal message is not directed at the product preferences of a consumer but rather at the individual’s social, economic and political affiliations, opinions and reactions.

Where does this sit with the Federal Communications Commission findings over forty years ago that declared subliminal advertising “contrary to the public interest” because it involved “intentional deception” of the public?

It seems “intentional deception” is about to go mainstream with the support of the likes of Zuckerberg but now with a far more sinister raison d’être.

Are You In A Virtual Police State?

A pretty loose and old list of factors that can help to determine where a nation lies on The Electronic Police State standings does serve to demonstrate the arrival of these new “tools” (by their complete absence in the list):

  1. Daily Documents – Requirement of state-issued identity documents and registration;
  2. Border Issues – Inspections at borders, searching computers, demanding decryption of data;
  3. Financial Tracking – State’s ability to search and record all financial transactions: Checks, credit card use, wires, etc;
  4. Gag Orders – Criminal penalties if you tell someone the state is searching their records;
  5. Anti-Crypto Laws – Outlawing or restricting cryptography;
  6. Constitutional Protection – A lack of constitutional protections for the individual, or the overriding of such protections;
  7. Data Storage Ability – The ability of the state to store the data they gather;
  8. Data Search Ability – The ability to search the data they gather;
  9. ISP Data Retention – States forcing Internet Service Providers to save detailed records of all their customers’ Internet usage;
  10. Telephone Data Retention – States forcing telephone companies to record and save records of all their customers’ telephone usage;
  11. Cell Phone Records – States forcing cellular telephone companies to record and save records of all their customers’ usage;
  12. Medical Records – States demanding records from all medical service providers and retaining the same;
  13. Enforcement Ability – The state’s ability to use overwhelming force (exemplified by SWAT Teams) to seize anyone they want, whenever they want;
  14. Habeas Corpus – Lack of habeas corpus – the right not to be held in jail without prompt due process. Or, the overriding of such protections;
  15. Police-Intel Barrier – The lack of a barrier between police organizations and intelligence organizations. Or, the overriding of such barriers;
  16. Covert Hacking – State operatives removing – or adding! – digital evidence to/from private computers covertly. Covert hacking can make anyone appear as any kind of criminal desired;
  17. Loose Warrants – Warrants issued without careful examination of police statements and other justifications by a truly independent judge.

The NextGen Counter Measures Are Proactive Before The “Thought” Emerges

The background to these “new” tools is broadly discussed in Developing Next-Generation Countermeasures for Homeland Security Threat Prevention (Advances in Information Security, Privacy, and Ethics) (Publisher: IGI Global; 1 edition (August 30, 2016); Language: English; ISBN-10: 1522507035; ISBN-13: 978-1522507031) by Maurice Dawson, an Assistant Professor of Information Systems (Cyber Security) at the College of Business Administration at the University of Missouri-St. Louis.

The author examines the concept of IoT to design the “novel” (his words) security architectures for multiple platforms for surveillance purposes.

The traditional tools of mass surveillance lack one very frightening feature that the emerging tech delivers in abundance – interference, conditioning and “attitude” programming – this blog post was inspired by an article in The Intercept titled “THE DARK SIDE OF VR: Virtual Reality Allows the Most Detailed, Intimate Digital Surveillance Yet”.

Traditional mass surveillance will ultimately be relegated to a support role by the emerging tech of augmented and virtual reality, with the assistance of covert biometric data acquisition and of facial and gait recognition data also extracted covertly from “innocuous” social media posts and AR/VR interactions on VRSNs.

[which is not a new field in Perception and PsychoPhysics see Person Identification from Biological Motion – Structural and Kinematic but the ability to “collect” this data in a more sophisticated and reliable way (in the form of 3D visualization via AR, VR & AI) makes it all the more useful for less progressive purposes]

And of course there are the “carrot & stick” tools that will look to alter subjects’ attitudes and opinions by harvesting emotional responses (using retina-tracking for example) and “cleansing” these attitudes and opinions to what is the “preferred” [state] response / opinion / attitude / reaction (or more likely lack of reaction).

[As one chief data scientist at an unnamed Silicon Valley company told Harvard business professor Shoshana Zuboff: “The goal of everything we do is to change people’s actual behavior at scale. … We can capture their behaviors, identify good and bad behaviors, and develop ways to reward the good and punish the bad.” – The Secrets of Surveillance Capitalism; 05.03.2016, by Shoshana Zuboff.]

A research team* at one of my alma maters, Dublin City University, wrote a paper in 2014 that postulated that with AR, VR and AI in VRSNs, subjects and their world view could be tweaked or changed.

The paper discussed how the field of VR is rapidly converging with the social media environment. The paper titled “The Convergence of Virtual Reality and Social Networks: Threats to Privacy and Autonomy” is summarized by the US National Library of Medicine National Institutes of Health in an abstract as follows:

[“The rapid evolution of information, communication and entertainment technologies will transform the lives of citizens and ultimately transform society. This paper focuses on ethical issues associated with the likely convergence of virtual realities (VR) and social networks (SNs), hereafter VRSNs. We examine a scenario in which a significant segment of the world’s population has a presence in a VRSN. Given the pace of technological development and the popularity of these new forms of social interaction, this scenario is plausible. However, it brings with it ethical problems. Two central ethical issues are addressed: those of privacy and those of autonomy. VRSNs pose threats to both privacy and autonomy. The threats to privacy can be broadly categorized as threats to informational privacy, threats to physical privacy, and threats to associational privacy. Each of these threats is further subdivided. The threats to autonomy can be broadly categorized as threats to freedom, to knowledge and to authenticity. Again, these three threats are divided into subcategories. Having categorized the main threats posed by VRSNs, a number of recommendations are provided so that policy-makers, developers, and users can make the best possible use of VRSNs.”]

Using VRSN Scenarios for Thought Manipulation & Conditioning

VRSN scenario manipulations are well suited to programming behaviour as well as altering opinion in the “target” or what we used to call the “user”. The “user” tag is no longer accurate in my opinion because the function of the “user” is to extract value from the experience. The “user” is now the “interactor”. In the new scenarios the value extraction (or injection) is enjoyed by the “publisher” or “controller”. [For publisher substitute “government”, “alphabet agency” or “despot”] – the emergent field of surveillance politics and mass manipulation.

The preferred “interactor” attitude and ultimate acceptance/agreement with ideas, opinions, reactions and points of view can be engineered by programming avatar responses to concepts in the form of gestures and facial expressions in response to these stimuli (simple applications being “happy”, “sad”, “neutral”, “angry” avatar responses).

When the “interactor” is exposed to subject matter, the VRSN can gauge the “interactor’s” opinions in broad terms by analysing emotional responses via eye-tracking or emotion capture. If the kinematic fingerprinting suggests that the “interactor” does not hold the “correct” opinion, the VRSN can send the avatar the preferred reaction, in line with the opinion that the “controller” wishes the “interactor” to hold.

The reality is that the VRSN’s actual knowledge of the “interactor’s” affiliations increases exponentially over time, as do the metrics which show the successful alteration / cleansing of these “opinions” and the A/B testing of experimental methods to produce that result in a “target”.

In an apparent contradiction the VRSN sort of goes back to the “old world” school of line of sight observation of a surveillance “target” (replacing digital footprints) but with one major difference – the observation is paired with “alteration” capabilities – all delivered while you enjoy your leisure time playing in your VRSN. Brave new virtual world.

The Convergence of Virtual Reality and Social Networks: Threats to Privacy and Autonomy Authors:

*Institute of Ethics, Dublin City University, Dublin, Ireland. Fiachra.obrolchain@dcu.ie.
*Institute of Ethics, Dublin City University, Dublin, Ireland. tim.jacquemard@dcu.ie.
*Insight Centre for Data Analytics, Dublin, Ireland. david.monaghan@insight-centre.org.
*Insight Centre for Data Analytics, Dublin, Ireland. noel.oconnor@insight-centre.org.
*Institute of Ethics, Dublin City University, Dublin, Ireland. pnovitzky@gmail.com.
*Institute of Ethics, Dublin City University, Dublin, Ireland. bert.gordijn@dcu.ie.

The Convergence of Virtual Reality and Social Networks: Threats to Privacy and Autonomy References