Always strive to learn something useful. --Sophocles

PRISM is/was an NSA intelligence-gathering program. It has been widely speculated that friendly governments spy on other countries so that said country doesn't violate laws about spying on their own people. And this happened in NZ. The activist was from Fiji, and was very active in trying to get democracy for Fiji and get rid of the prime minister. So in sweeps the NSA and PRISM to try and find dirt on him, which they did not find.

First Confirmed Prism Surveillance Target Was Democracy Activist (fortune.com)

Posted by manishs on Monday August 15, 2016 @08:00AM from the truth-is-out-there dept.
A new report by Television New Zealand in collaboration with The Intercept, based on leaks of former U.S. National Security Agency worker Edward Snowden has for the first time named a target of the NSA's controversial Prism program. The target was a middle-aged civil servant and pro-democracy activist named Tony Fullman. Fullman, who is originally from Fiji but has lived in New Zealand for decades, is an advocate for democracy in Fiji and a critic of Fijian prime minister Frank Bainimarama, who took power in a 2006 coup.

From a Fortune report:
According to The Intercept, the NSA in 2012 monitored Fullman's communications through the Prism program and passed on information to the New Zealand intelligence services. Around the same time, the New Zealand authorities raided Fullman's home and revoked his passport. The New Zealand intelligence services were not themselves allowed to spy on Fullman, who was a New Zealand citizen. However, as Snowden has repeatedly described, the agencies of many Anglophone countries spy on each other's behalf, in order to bypass their national legal restrictions. Fullman suggested in the article that people in the group may well have said violent things about Bainimarama, but this was just venting, not a plot. According to the report, they never suspected someone was listening into their communications. The NSA was said to be helping by analyzing Fullman's Facebook and Gmail activities. The 190 pages of intercepted documentation seen by The Intercept apparently didn't reveal evidence of a plot.

https://yro.slashdot.org/story/16/08/15/1341241/first-confirmed-prism-surveillance-target-was-democracy-activist

Stingrays are $100,000 devices that simulate cell phone towers and are used by law enforcement to capture a suspect's cell phone traffic. The problem is, it also captures EVERYONE ELSE'S TRAFFIC. There has been tremendous controversy about 4th Amendment rights because it's such a blanket capture of traffic. Many criminal cases have been dropped because the defense attorneys have pressed for details on the Stingrays and the prosecution abandoned the case under direction of the Federal Department of Justice to not reveal details.

Well, apparently they now they have smaller hand-held devices that are 1/20th the price and can filter for just a suspect's traffic. And the 4th Amendment problems remain.

http://www.wired.com/2015/08/security-news-week-police-use-mobile-cell-phone-trackers-avoid-court-orders/

I've written about Stingrays before, they're surveillance devices that force all of the cell phones in an area to connect with them, thus conducting yet another form of mass surveillance. And usually they're deployed without warrants.

Well, now they're in the air. The U.S. Marshall's Service have five Cesnas around the country that carry them. They're more powerful and sensitive, which means they're sweeping up a much larger area than a ground-based unit.

WHEEE!

http://www.wired.com/2014/11/feds-motherfng-stingrays-motherfng-planes/

Emails have been discovered telling officers how to avoid telling judges about the devices.

http://www.wired.com/2014/06/feds-told-cops-to-deceive-courts-about-stingray/

The ACLU filed a public records request for all information about using stingray devices from the Sarasota PD and had an appointment to review the documentation, when the US Marshal Service went in and effectively raided the police department, taking all of the documents that the ACLU were going to view.

Something similar happened in Tallahassee after it was revealed that said department had used stingrays 200 times without telling a judge. The stingray manufacturer had made the police department sign non-disclosure agreements and the department thought that precluded telling judges. Interesting how corporations can now dictate law enforcement behavior.

A stingray is a piece of surveillance equipment that mimics a cell tower. It broadcasts a stronger signal than a tower which forces all of the cell phones in the area to link to it. By moving the tower around, you can triangulate and more accurately locate the phone with a specific number than is possible with tower information alone. The kerfuffle revolves around the detective getting a 'trap and trace' warrant which is effectively a phone tap, for deploying this stingray, rather than a probable cause warrant that is normally used with them.

http://www.wired.com/2014/06/feds-seize-stingray-documents/

It was called the Terrorist Surveillance Program, and apparently was superseded by PRISM.

Here's my question. I remember a few years ago a person proposed a program, I believe it was a retired Navy Admiral (are there any other kind? the Navy Admiral bit), and it was called the Total Surveillance Program. Both are TSP. It was rumored after the first TSP (Total, not Terrorist) was shut down that there were efforts to break it in to smaller pieces. I wonder if one of them is the Terrorist TSP in whole or in part.

http://www.npr.org/blogs/thetwo-way/2013/12/21/256101601/new-nsa-documents-make-case-for-keeping-programs-secret

The Seattle police department has a proven track record of being less than forthcoming when they institute surveillance measures. They installed 30 cameras in the port district for 'security' without owning up to it or saying how they are used. Most recently, they've installed a mesh wireless network downtown. Each box contains for wireless access points, and they talk to each other. And they can track and triangulate a smartphone's WiFi radio.

The city council passed a regulation that all systems capable of surveillance have to have detailed usage plans before the council within 30 days of installation. The report is expected around Thanksgiving, and the new police network, from a vendor known as Aruba, will have been up for nine months at that point.

The whole thing was funded by the Department of Homeland Security and feeds an intelligence fusion center, among other recipients.

http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143845

http://mobile.slashdot.org/story/13/11/09/060253/seattle-pd-mum-on-tracking-by-its-new-wi-fi-mesh-network


There's a concept called geofencing. In it, a geographic point is defined, such as 'my parent's house', and under iPhone's iOS 6 and later you could tell it 'remind me to open the vent in the bedroom when I get to my parent's house.' I would imagine that Android phones have similar capability. It'd be cool if you could tell it 'Disable WiFi when I leave home, turn it on when I return.'

Yesterday, a thread appeared on Slashdot talking that a private company's recycle bins, a dozen all over London, were electronically sniffing you as you walked by. If you had a smart phone, it grabbed your WiFi's MAC address and logged your movement relative to the can. The long-term purpose was targeted advertising since it is difficult, if not impossible, to change this number.

In two test runs, four days in May and eight in June, "...over four million events were captured, with over 530,000 unique devices captured. Further testing is taking place at sites including Liverpool Street Station." The 'event' would be four million people walking by one of their bins, the 'unique devices captured' would be the 8% of those people with smart phones in their pocket. The company, Recycle Now, has around a hundred such recycling bins all over London that also incorporate digital ad boards. They were working towards a Minority Report advertising ecosystem.

According to the firm's CEO, "...As long as we don't add a name and home address, it's legal." He also told Wired UK that "We collect anonymised and aggregated MAC data -- we don't track individuals or individual MACs. The ORBs aggregate all footfall around a pod for three minutes and send back one annonymised aggregated report from each site so the idea that we are tracking individuals again is more style than substance," says Memari in an email. "There are applications in the future which Quartz focused on but during the trial period we are only looking at anonymised and aggregated MAC data."

He adds, "as some of the technology we will be testing will be on the boundaries of what is regulated and discussed it is our intention to discuss it publicly and especially collaborate with privacy groups like EFF to make sure we lead the charge on [adding necessary protections] as we are with the implementation of the technology."

http://www.wired.co.uk/news/archive/2013-08/09/recycling-bins-are-watching-you

The company has a web site that allows you to enter the MAC address of your phone to opt-out of the tracking, which I would think the site would just take and aggregate the data for future use since in the initial version the bins aggregate the data before sending it back to the mother server, which means the individual MAC addresses are not there. They might push an ignore list out to the bins, but I doubt that.

Well, the City of London Corporation has told Renew Now to stop running the program.

http://www.techweekeurope.co.uk/news/recycling-bin-firm-denies-tracking-london-phones-with-wi-fi-124461


FYI, a MAC address is a unique identifier built-in to the networking part of your equipment. Your smart phone or tablet has one if it can access the internet, any network card or a computer with a built-in network card has one, which is pretty much all computers made today. So does your DVR, your networked printer, your BluRay player, etc. It's a two-part number consisting of six hexadecimal digits, normally each digit is represented with a colon separator, like this: 01:23:45:67:89:ab. The first three digits identify the manufacturer, the last three are unique to the card. This gives a total number of unique values of 247 x 10 to the 14th. A unique MAC address is essential to network routing, that is, getting the packets that your computer sends to a specific web site returned back to you and not to someone else. In Windows and Mac PCs, you cannot change this number. In Linux machines, even though the number is burned in to a read-only memory chip, it can be changed if you want to tinker at that level. I don't know if you can change it on an Android smart phones whose operating system is based on Linux.

In this case, Renew Now claimed that they were just gathering the manufacturer code of the MAC address, so it wasn't tracking you, it was tracking who made your smart phone. Marketers like to make assumptions about people based on branding, for example, some web sites look to see if you're accessing them from a Mac, and if so, they charge you a higher price because they know you'll pay more money for some types of computer hardware. It's a very broad brush that they're painting with, and I think it's fallacious when it comes to smart phones. If someone drives a Ferrari, yes, you can assume they're wealthy. Smart phones, not so much. I was making less than $30k annually when my wife bought me my iPhone, that ain't wealthy.


The only way to truly block tracking like this is to either turn off the WiFi on your phone when you're out in public, or turn off your phone altogether. How many people could or would actually do that? It's funny to think about 20 years ago when almost no one owned a cell phone.

Excellent article from the former director of application security at Twitter.

It focuses on several points. First, Federal criminal statute is spread over 27,000 pages. Even the Feds don't know how many laws there are, but it's estimated to be in excess of 10,000. For example, it is illegal to poses a lobster under a certain size. Doesn't matter how you got it, and ignorance of the law is no excuse. It also talks about the sometimes necessity of violating the law to encourage change. In Minnesota, sodomy was illegal until 2001, they recently approved same-sex marriage. If we had 100% effective law enforcement, it would be extremely difficult to get such laws changed because everyone who would benefit from that change would be a branded criminal.

Another: manpower. It used to require law enforcement to commit one or more persons to follow someone. Now we all carry our very own tracking devices, and last year cell carrier Sprint, by itself, responded to 8 million tracking requests from law enforcement. That's pretty much the entire city of New York. It's much easier for law enforcement to relax their standards and be profligate in their information requests since they don't have to invest the manpower resources to follow someone. Myself, I've become tempted to put my phone in to airplane mode just to screw up my tracking data. I have no reason to believe that law enforcement would be interested in me, but I also see no reason to make their jobs easier if they do take an interest. Of course, the question then becomes would me turning off their ability to track me pique their interest in me?

She also mentions license plate scanners. I actually saw those in use in El Paso, 100 miles south of me and a place that we visit every couple of months. If I ever see Phoenix or any of the places that I regularly spend time in getting them, I'm buying one of those LED license plate frames.


I especially like two paragraphs in her conclusion: Some will say that it’s necessary to balance privacy against security, and that it’s important to find the right compromise between the two. Even if you believe that, a good negotiator doesn’t begin a conversation with someone whose position is at the exact opposite extreme by leading with concessions.

And that’s exactly what we’re dealing with. Not a balance of forces which are looking for the perfect compromise between security and privacy, but an enormous steam roller built out of careers and billions in revenue from surveillance contracts and technology. To negotiate with that, we can’t lead with concessions, but rather with all the opposition we can muster..


I was recently discussing this topic with a friend, who is part of the "I have nothing to hide" attitude. He surfs porn on the internet. He's also a teacher. I have no idea what flavors of porn he's interested in, and I'm sure they're perfectly kid-safe. But what would happen to his career if that information were released? It could certainly be a career-ending revelation.

I don't have anything in my computers that I'm particularly ashamed of, including browser history, but I don't want it to become public knowledge. The fact that I have nothing in particular to hide doesn't give law enforcement or anyone else the right to stick their nose in it without probable cause and a search warrant. My laptop is encrypted, so is my desktop and all of my backups, also my iPhone backups which do not back up to the cloud. I will not allow my equipment to be casually examined. I will not go gently in to that good night if they take an interest in me, they're going to have to produce a valid search warrant before I unlock anything.


http://www.wired.com/opinion/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/

The beloved Department of Homeland Security is providing grants to help municipalities equip public transit buses, and in the case of San Francisco, vintage trolleys, with video surveillance. But they're also installing microphones throughout the vehicle, including one outside, so they can get synchronized audio. Baltimore, MD considered doing this and briefly backed down when they considered that this might constitute illegal wiretap, but the city attorney said that posting warning signs should counter that.

So it's time to break out the infrared baseball caps and find a source for high frequency white noise generators.

Speaking of which, Hawaii 5-0 last week based their story around the concept of bank robbers with IR LED's sewn in to their clothing to defeat surveillance cameras. And the crime lab tech called it "high tech". I can go to Radio Shack and buy the components for probably $5 to do it, all you need is an IR LED, a diode, a resistor, a battery, and you're set. High tech? Yeah, right.

http://www.wired.com/threatlevel/2012/12/public-bus-audio-surveillance/