Now Your Groceries See You, Too

CHICAGO – MAY 25: Coke products are offered for sale at a Walgreens store May 25, 2007 in Chicago, Illinois. Coca-Cola Company today announced it would purchase Glaceau, the makers of vitaminwater, for $4.1 billion in cash. (Photo by Scott Olson/Getty Images)

 

Walgreens is exploring new tech that turns your purchases, your movements, even your gaze, into data.

Walgreens is piloting a new line of “smart coolers”—fridges equipped with cameras that scan shoppers’ faces and make inferences on their age and gender. On January 14, the company announced its first trial at a store in Chicago in January, and plans to equip stores in New York and San Francisco with the tech.

Demographic information is key to retail shopping. Retailers want to know what people are buying, segmenting shoppers by gender, age, and income (to name a few characteristics) and then targeting them precisely. To that end, these smart coolers are a marvel.

If, for example, Pepsi launched an ad campaign targeting young women, it could use smart-cooler data to see if its campaign was working. These machines can draw all kinds of useful inferences: Maybe young men buy more Sprite if it’s displayed next to Mountain Dew. Maybe older women buy more ice cream on Thursday nights than any other day of the week. The tech also has “iris tracking” capabilities, meaning the company can collect data on which displayed items are the most looked at.

Crucially, the “Cooler Screens” system does not use facial recognition. Shoppers aren’t identified when the fridge cameras scan their face. Instead, the cameras analyze faces to make inferences about shoppers’ age and gender. First, the camera takes their picture, which an AI system will measure and analyze, say, the width of someone’s eyes, the distance between their lips and nose, and other micro measurements. From there, the system can estimate if the person who opened the door is, say, a woman in her early 20s or a male in his late 50s. It’s analysis, not recognition.

The distinction between the two is very important. In Illinois, facial recognition in public is outlawed under BIPA, the Biometric Privacy Act. For two years, Google and Facebook fought class-actions suits filed under the law, after plaintiffs claimed the companies obtained their facial data without their consent. Home-security cams with facial-recognition abilities, such as Nest or Amazon’s Ring, also have those features disabled in the state; even Google’s viral “art selfie” app is banned. The suit against Facebook was dismissed in January, but privacy advocates champion BIPA as a would-be template for a world where facial recognition is federally regulated.

Walgreens’s camera system makes note only of what shoppers picked up and basic information on their age and gender. Last year, a Canadian mall used cameras to track shoppers  and make inferences about which demographics prefer which stores. Shoppers’ identities weren’t collected or stored, but the mall ended the pilot after widespread backlash.

The smart cooler is just one of dozens of tracking technologies emerging in retail. At Amazon Go stores, for example—which do not have cashiers or self-checkout stations—sensors make note of shoppers’ purchases and charge them to their Amazon account; the resulting data are part of the feedback loop the company uses to target ads at customers, making it more money.

Originally published on The Atlantic here.

Privacy experts fear Donald Trump running global surveillance network

 The NSA. Obama’s approach has been to offer a modicum of transparency, much of it forced on him by the courts, in place of reform. Photograph: Patrick Semansky/AP

The NSA. Obama’s approach has been to offer a modicum of transparency, much of it forced on him by the courts, in place of reform. Photograph: Patrick Semansky/AP

Privacy activists, human rights campaigners and former US security officials have expressed fears over the prospect of Donald Trump controlling the vast global US and UK surveillance network.

Privacy and human rights campaigners in the US and UK say a Trump presidency will tip the balance between surveillance and privacy decisively towards the former. The UK surveillance agency GCHQ is so tied up with America’s NSA, often doing work on its behalf, it could find itself facing a series of ethical dilemmas.

On the campaign trail, Trump made an ambiguous remark about wishing he had access to surveillance powers.

“I wish I had that power,” he said while talking about the hack of Democratic National Committee emails. “Man, that would be power.”

“I think many Americans are waking up to the fact we have created a presidency that is too powerful.”

John Napier Tye, a former state department official who became a reluctant whistleblower in 2014, warning of NSA dragnets, said: “Obama and Bush could have set the best possible privacy protections in place, but the trouble is, it’s all set by executive order, not statute.

“So Trump could revise the executive order as he pleases. And since it’s all done in secret, unless you have someone willing to break the law to tell you that it happened, it’s not clear the public will ever learn it did. Consider that even now, the American people still do not know how much data on US persons the NSA actually collects.”

Thomas Drake, an NSA whistleblower who predated Snowden, offered an equally bleak assessment. He said: “The electronic infrastructure is fully in place – and ex post facto legalised by Congress and executive orders – and ripe for further abuse under an autocratic, power-obsessed president. History is just not kind here. Trump leans quite autocratic. The temptations to use secret NSA surveillance powers, some still not fully revealed, will present themselves to him as sirens.”

One specific surveillance measure Trump proposed on the campaign trail was surveilling mosques and keeping a database of Muslims. “A grave concern we have is that his rhetoric is going to be perceived in some corners as a green light for unfettered surveillance activities. Our concern is not just about the NSA but also the FBI. The FBI doesn’t exactly have a great record over the last 15 years,” said Farhana Khera, the president and executive director of the US-based civil rights group Muslim Advocates.

The next flashpoint over the NSA’s powers will come late in 2017, when a major surveillance law permitting collection of Americans’ international communications is set for expiration, the legal basis for the NSA’s Prism programme which siphons information from the technology giants.

According to documents released by Snowden, now years out of date as technological advancements have developed, the NSA vacuums 5bn daily records just of cellphone locations. In April 2011, it was collecting an average of 194m text messages every day.

How to Remain Secure Against the NSA

Spies and Espionage

“How to Remain Secure Against the NSA” is from a recent newsletter by Bruce Schneier, a recognized authority on Internet security. I’ve been a fan of his for many years and have recommended him to others.

The following is a direct quote from a recent newsletter by Bruce. You may find it useful.

The primary way the NSA eavesdrops on Internet communications is in the network. That’s where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.

Leveraging its secret agreements with telecommunications companies — all the US and UK ones, and many other “partners” around the world — the NSA gets access to the communications trunks that move Internet traffic. In cases where it doesn’t have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.

That’s an enormous amount of data, and the NSA has equivalently enormous capabilities to quickly sift through it all, looking for interesting traffic. “Interesting” can be defined in many ways: by the source, the destination, the content, the individuals involved, and so on. This data is funneled into the vast NSA system for future analysis.

The NSA collects much more metadata about Internet traffic: who is talking to whom, when, how much, and by what mode of communication. Metadata is a lot easier to store and analyze than content. It can be extremely personal to the individual, and is enormously valuable intelligence.

The Systems Intelligence Directorate is in charge of data collection, and the resources it devotes to this is staggering. I read status report after status report about these programs, discussing capabilities, operational details, planned upgrades, and so on. Each individual problem — recovering electronic signals from fiber, keeping up with the terabyte streams as they go by, filtering out the interesting stuff — has its own group dedicated to solving it. Its reach is global.

The NSA also attacks network devices directly: routers, switches, firewalls, etc. Most of these devices have surveillance capabilities already built in; the trick is to surreptitiously turn them on. This is an especially fruitful avenue of attack; routers are updated less frequently, tend not to have security software installed on them, and are generally ignored as a vulnerability.

The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO — Tailored Access Operations — group. TAO has a menu of exploits it can serve up against your computer — whether you’re running Windows, Mac OS, Linux, iOS, or something else — and a variety of tricks to get them onto your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

The NSA deals with any encrypted data it encounters more by subverting the underlying cryptography than by leveraging any secret mathematical breakthroughs. First, there’s a lot of bad cryptography out there. If it finds an Internet connection protected by MS-CHAP, for example, that’s easy to break and recover the key. It exploits poorly chosen user passwords, using the same dictionary attacks hackers use in the unclassified world.

As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about. We know this has happened historically: CryptoAG and Lotus Notes are the most public examples, and there is evidence of a back door in Windows. A few people have told me some recent stories about their experiences, and I plan to write about them soon. Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it’s explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.

TAO also hacks into computers to recover long-term keys. So if you’re running a VPN that uses a complex shared secret to protect your data and the NSA decides it cares, it might try to steal that secret. This kind of thing is only done against high-value targets.

How do you communicate securely against such an adversary? Snowden said it in an online Q&A soon after he made his first document public: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

I believe this is true, despite today’s revelations and tantalizing hints of “groundbreaking cryptanalytic capabilities” made by James Clapper, the director of national intelligence in another top-secret document. Those capabilities involve deliberately weakening the cryptography.

Snowden’s follow-on sentence is equally important: “Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”

Endpoint means the software you’re using, the computer you’re using it on, and the local network you’re using it in. If the NSA can modify the encryption algorithm or drop a Trojan on your computer, all the cryptography in the world doesn’t matter at all. If you want to remain secure against the NSA, you need to do your best to ensure that the encryption can operate unimpeded.

With all this in mind, I have five pieces of advice:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections — and it may have explicit exploits against these protocols — you’re much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA — so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the Internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my Internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Since I started working with Snowden’s documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I’m not going to write about. There’s an undocumented encryption feature in my Password Safe program from the command line; I’ve been using that as well.

I understand that most of this is impossible for the typical Internet user. Even I don’t use all these tools for most everything I am working on. And I’m still primarily on Windows, unfortunately. Linux would be safer.

The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.

Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.

This essay originally appeared in the “Guardian.”
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

NSA links:
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
http://online.wsj.com/article/SB10001424127887324108204579022874091732470.html
http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq
http://www.washingtonpost.com/business/technology/agreements-with-private-companies-protect-us-access-to-cables-data-for-surveillance/2013/07/06/aa5d017a-df77-11e2-b2d4-ea6d8f477a01_story.html
http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data
http://www.theguardian.com/world/2013/jun/27/nsa-data-mining-authorised-obama
http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/
http://www.foreignpolicy.com/articles/2013/06/10/inside_the_nsa_s_ultra_secret_china_hacking_group
http://www.informationweek.com/security/government/want-nsa-attention-use-encrypted-communi/240157089 or http://tinyurl.com/kdxaytf

Other NSA backdoors:
http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
http://www.heise.de/tp/artikel/2/2898/1.html
http://www.heise.de/tp/artikel/5/5263/1.html

Snowden’s interview:
http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower

Clapper’s comments:
http://www.wired.com/threatlevel/2013/08/black-budget/

Surveillance built in to the routers:
https://www.rfc-editor.org/rfc/rfc3924.txt

My tools:
http://www.gnupg.org/
https://silentcircle.com/
https://tails.boum.org/
http://www.cypherpunks.ca/otr/
http://www.truecrypt.org/
http://bleachbit.sourceforge.net/
https://www.schneier.com/passsafe.html

New report shows NSA tool collects ‘nearly everything a user does on the internet’

XKeyscore map

XKeyscore is a top secret National Security Agency program which allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden and reported in The Guardian.

“I, sitting at my desk,” said Snowden, could “wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email”.

US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden’s assertion: “He’s lying. It’s impossible for him to do what he was saying he could do.”

But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.

XKeyscore, the documents boast, is the NSA’s “widest reaching” system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers “nearly everything a typical user does on the internet”, including the content of emails, websites visited and searches, as well as their metadata.

Analysts can also use XKeyscore and other NSA systems to obtain ongoing “real-time” interception of an individual’s internet activity.

KS1

KS2

KS55edit

Read the complete article on The Guardian web site here.