security

MTA to install 2 surveillance cameras on every subway car

MTA to install 2 surveillance cameras on every subway car:

The 13,000 cameras, which cost a total of $5.5 million, will be installed on 6,455 subway cars over the next three years.

Hochul said she hopes the surveillance will result in more people choosing to ride the subway, where ridership remains down 37% on weekdays – despite reaching a post-pandemic high just last week.

“You think Big Brother is watching you on the subways, you’re absolutely right. That is our intent,” Hochul said. “We are going to be having surveillance of activities on the subway trains and that is going to give people great peace of mind. If you’re concerned about this, best answer is don’t commit any crimes on the subways.”

The MTA already has 10,000 cameras in all 472 of its subway stations.

[I recently noted other privacy intrusions in the Subway system. Taking the Subway in NYC might be one of the most intrusive experiences ever soon enough.]

The MTA’s switch to OMNY machines is a privacy nightmare

The MTA’s switch to OMNY machines is a privacy nightmare:

Cards like the ones these new machines will be supplying are likely to follow the model of other Cubic Corp. cards, including San Francisco’s Clipper and London’s Oyster cards. The OMNY card will likely have a persistent identifier that makes tracking people throughout the city an easy task.

Tying those journeys to a real name and personal information becomes significantly easier if you link that card, or a phone or credit card, with an OMNY account. Accounts have users’ names, payment information, and every web tracker and cookie the OMNY account management site might decide to deploy—along with data scraped from social media—associated with their method of entry. 

While the MTA’s MetroCard is also run by Cubic, that system was deployed in 1991 and doesn’t have quite the same tracking capabilities. Transit justice organization TransitCenter reported that the MTA has stated OMNY will give the city “near-instantaneous” reporting on rider tap-ins and travel, an improvement from weeklong delays for MetroCard data. Tap-to-pay with a phone leverages near-field communication (NFC) technology, a system with its own issues that exacerbate the OMNY system’s existing privacy concerns. 

Who will they share this new trove of data with? The current legal landscape and previous experience with Cubic tells us that warrantless access to this data is both permitted and commonly exercised.

[It’s gettin’ so that you can’t do nothing in peace anymore…]

NEXTDRAFT: The Mother Load

The Mother Load:

Just remember that Trump stole our documents after leading a violent attempt to overthrow our election. There were no redactions in that much bigger crime. We all saw it with our own eyes. Speaking of what we already know, the Feds wanted the redactions in part because “if witnesses’ identities are exposed, they could be subjected to harms including retaliation, intimidation, or harassment, and even threats to their physical safety.” We’ve seen this happen already, too.

[I want to know what the plan was for all these documents. Why was Trump hanging on to them?]

Two short AirPods “Find My” stories

Two short AirPods “Find My” stories:

The first one is about finding an AirPod in the snow. Follow the headline link to read.

But the second one is down in the comments, quoted here:

Their pods + case would always stay hidden away in their car, hidden from view and wirelessly charging for whatever place they were going to.

One day they went missing and that was that …until he was told about the Find My function.

Lo and behold, it registered in the app! And they went on to search for it.

It was at a car wash. When they told the boss about what they were doing on the premises, he went and rooted around for it himself and eventually found an employee wearing them.

Find My is brilliant.

∞ Read this on The Loop

[There is reasonable security in that you get notifications if someone leaves their AirPods near you, whether accidentally or as a spur of the moment attempt to track someone.]

Source: The Loop

DuckDuckGo in 2021: Building the Privacy Super App

DuckDuckGo in 2021: Building the Privacy Super App:

Like we’ve done on mobile, DuckDuckGo for desktop will redefine user expectations of everyday online privacy. No complicated settings, no misleading warnings, no “levels” of privacy protection – just robust privacy protection that works by default, across search, browsing, email, and more. It’s not a “privacy browser”; it’s an everyday browsing app that respects your privacy because there’s never a bad time to stop companies from spying on your search and browsing history.

[This is great news…]

NY State bill that bans the sale of smartphones

Why Apple Defends Encryption:

Now is the time when we get to decide if we have a right to privacy and security, and the limits of our government for the digital age. It won’t happen because of public statements by tech leaders. No, it’s up to us to make our opinions about online privacy and security known to our elected representatives, in order to determine the limits of policing (and protecting) by consent.

In fact, you have an opportunity to weigh in right now. A bill has been introduced in New York State that would ban the sale of smartphones within the state unless they can be decrypted and unlocked by the manufacturer. It’s astonishingly misguided, and for those who want express their disbelief that elected representatives could be so ignorant of technology (and geography), you can set up an account with the New York State Senate, vote against it, and even leave comments.

Then, just sit back and wait for the next ignorant statement or misguided piece of legislation, because these issues aren’t going to be resolved easily, quickly, or definitively.

[I’ve nothing to add here. Go let your feelings be known!]

The Internet With A Human Face

The Internet With A Human Face:

Public and private surveillance are in a curious symbiosis with each other.

A few weeks ago, the sociologist Janet Vertesi gave a talk about her efforts to keep Facebook from learning she was pregnant. Pregnant women have to buy all kinds of things for the baby, so they are ten times more valuable to Facebook’s advertisers.

At one point, Vertesi’s husband bought a number of Amazon gift cards with cash, and the large purchase triggered a police warning. This fits a pattern where privacy-seeking behavior has become grounds for suspicion. Try to avoid the corporate tracking system, and you catch the attention of the police instead.

As a wise man once said, if you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.

But there are also dangerous scenarios that don’t involve government at all, and that we don’t talk enough about.

I’ll use Facebook as my example. To make the argument stronger, let’s assume that everyone currently at Facebook is committed to user privacy and doing their utmost to protect the data they’ve collected.

What happens if Facebook goes out of business, like so many of the social networks that came before it? Or if Facebook gets acquired by a credit agency? How about if it gets acquired by Rupert Murdoch, or taken private by a hedge fund?

What happens to all that data?

[Great piece. Beautifully expresses so many of my worries about the current trend in technology.]

Surveillance by Algorithm

Surveillance by Algorithm:

Indeed, ever since Snowden provided reporters with a trove of top secret documents, we’ve been subjected to all sorts of NSA word games. And the word “collect” has a very special definition, according to the Department of Defense (DoD). A 1982 procedures manual (pdf; page 15) says: “information shall be considered as ‘collected’ only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties.” And “data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form.”

Director of National Intelligence James Clapper likened the NSA’s accumulation of data to a library. All those books are stored on the shelves, but very few are actually read. “So the task for us in the interest of preserving security and preserving civil liberties and privacy,” says Clapper, “is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read.” Only when an individual book is read does it count as “collection,” in government parlance.

So, think of that friend of yours who has thousands of books in his house. According to the NSA, he’s not actually “collecting” books. He’s doing something else with them, and the only books he can claim to have “collected” are the ones he’s actually read.

This is why Clapper claims — to this day — that he didn’t lie in a Senate hearing when he replied “no” to this question: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

If the NSA collects — I’m using the everyday definition of the word here — all of the contents of everyone’s e-mail, it doesn’t count it as being collected in NSA terms until someone reads it. And if it collects — I’m sorry, but that’s really the correct word — everyone’s phone records or location information and stores it in an enormous database, that doesn’t count as being collected — NSA definition — until someone looks at it. If the agency uses computers to search those emails for keywords, or correlates that location information for relationships between people, it doesn’t count as collection, either. Only when those computers spit out a particular person has the data — in NSA terms — actually been collected.

[How broken is a system that allows people to hide behind lies of omission rather than demanding common use, or explain their definition. Sad.]

Schneier on Security: Choosing Secure Passwords

Schneier on Security: Choosing Secure Passwords:

Last year, Ars Technica gave three experts a 16,000-entry encrypted password file, and asked them to break as many as possible. The winner got 90% of them, the loser 62% — in a few hours. It’s the same sort of thing we saw in 2012, 2007, and earlier. If there’s any new news, it’s that this kind of thing is getting easier faster than people think.

[It’s not going to get easier for a while…]

The Surveillance Age

The Cassandra Version:

My hope — my expectation, even — for 2014 is that the fog starts to lift.

As much as I like using the fog metaphor, the thing about surveillance is that there is no actual fog. You can’t see it. It’s everywhere and gets in everything, and it still looks like a sunny day on the internet.

But still.

[Now that are our eyes are open, and we continue to add to the piles of data companies like Amazon, Google, Twitter, etc. know about us and of course, the vast amounts of data the Government knows about us what do we do? As a technologist I have a few ideas of where I can make things better for some people. And that’s what I’m going to do.]