Privacy, encryption vs. Surveillance state

In just 20 minutes this morning, an automated license-plate-recognition (ALPR) system in Nashville, Tennessee, captured photographs and detailed information from nearly 1,000 vehicles as they passed by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance, and a yellow Ford Fiesta with a vanity plate.

This trove of real-time vehicle data, collected by one of Motorola’s ALPR systems, is meant to be accessible by law enforcement. However, a flaw discovered by a security researcher has exposed live video feeds and detailed records of passing vehicles, revealing the staggering scale of surveillance enabled by this widespread technology.

More than 150 Motorola ALPR cameras have exposed their video feeds and leaking data in recent months, according to security researcher Matt Brown, who first publicized the issues in a series of YouTube videos after buying an ALPR camera on eBay and reverse engineering it.

As well as broadcasting live footage accessible to anyone on the internet, the misconfigured cameras also exposed data they have collected, including photos of cars and logs of license plates. The real-time video and data feeds don’t require any usernames or passwords to access.
...

Click to expand...

pmbug said:

Back on topic...

Almost two years ago, I ran across this news story (but failed to post it here) about Palantir Technologies building a supercomputer for the IRS to analyze/track financial transactions:

IRS Becoming Big Brother With $99-Million Supercomputer

The IRS is building a $99-million supercomputer that will enable it to monitor every aspect of Americans' lives. By Michael Tennant

thenewamerican.com

Some background on Palantir Technologies from that time:

https://www.cnbc.com/2016/01/12/the-cia-backed-start-up-thats-taking-over-palo-alto.html

This morning, I saw this report with a rather chilling quote in it:

Palantir posts huge loss but outlook cheers investors - MarketWatch

Sounds like they are building out surveillance tech for contact tracing / medical profiling or similar.

Click to expand...

Friday’s edition of the Washington Post reveals that the United Kingdom has served Apple with a secret order, a so-called capability notice under the Investigatory Powers Act 2016, demanding that Apple create a backdoor to its encrypted cloud storage systems that would permit access on-demand by UK government officials.

The Post also reports that, in response, Apple is likely to withdraw its services from the UK rather than comply. Apple told Parliament, in March of last year, that “[t]here is no reason why the U.K. should have the authority to decide for the citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
...

Click to expand...

Apple is withdrawing its Advanced Data Protection tool from the UK, leaving iCloud users without the highest level of encryption the company currently offers. The move comes just weeks after reports emerged that the British government was pressuring Apple to create a backdoor into its encrypted services for law enforcement and spying purposes.

ADP is an opt-in security tool, which provides end-to-end encryption for iCloud services to those who want it. The UK's Home Office had refused to confirm or deny whether it made a request to Apple to turn it off, but the company has made it clear that's not a decision that it wanted to take.

Apple is "gravely disappointed" that it will no longer be able to offer ADP to UK users, especially given "the continuing rise of data breaches and other threats to customer privacy," said a company spokesperson in a statement. "Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before."

The decision is "the regrettable consequence" of the Home Office's "outrageous order" to force Apple into weakening security, said Rebecca Vincent, interim director of privacy and civil liberties campaign group Big Brother Watch. "As a result, from today Apple's UK customers are less safe and secure than they were yesterday -- and this will quickly prove to have much wider implications for internet users in the UK," she said.
...

Click to expand...

Trump Treasury Expands Financial Surveillance​

In a moment of clarity after initially moving forward a deeply flawed piece of legislation, the French National Assembly has done the right thing: it rejected a dangerous proposal that would have gutted end-to-end encryption in the name of fighting drug trafficking. Despite heavy pressure from the Interior Ministry, lawmakers voted Thursday night (article in French) to strike down a provision that would have forced messaging platforms like Signal and WhatsApp to allow hidden access to private conversations.

The vote is a victory for digital rights, for privacy and security, and for common sense.

The proposed law was a surveillance wishlist disguised as anti-drug legislation. Tucked into its text was a resurrection of the widely discredited "ghost” participant model—a backdoor that pretends not to be one. Under this scheme, law enforcement could silently join encrypted chats, undermining the very idea of private communication. Security experts have condemned the approach, warning it would introduce systemic vulnerabilities, damage trust in secure communication platforms, and create tools ripe for abuse.
...
France’s rejection of the backdoor provision should send a message to legislatures around the world: you don’t have to sacrifice fundamental rights in the name of public safety. Encryption is not the enemy of justice; it’s a tool that supports our fundamental human rights, including the right to have a private conversation. It is a pillar of modern democracy and cybersecurity.

As governments in the U.S., U.K., Australia, and elsewhere continue to flirt with anti-encryption laws, this decision should serve as a model—and a warning. Undermining encryption doesn’t make society safer. It makes everyone more vulnerable.

This victory was not inevitable. It came after sustained public pressure, expert input, and tireless advocacy from civil society. It shows that pushing back works. But for the foreseeable future, misguided lobbyists for police national security agencies will continue to push similar proposals—perhaps repackaged, or rushed through quieter legislative moments.

Click to expand...

searcher said:

Trump Treasury Expands Financial Surveillance​

More than one million Americans are about to face a new level of financial surveillance. The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced that the threshold for currency transaction reports has been lowered from $10,000 to $200 for Americans living in 30 zip codes in California and Texas. Financial surveillance in the United States has long needed reform, but this move is in the wrong direction.

https://www.cato.org/blog/trump-treasury-expands-financial-surveillance

Click to expand...

searcher said:

More:

ARLINGTON, Va.—Small businesses subject to new and intrusive financial surveillance that could ruin them are suing with the Institute for Justice (IJ) to protect their Fourth Amendment rights and the rights of their customers. The federal Financial Crimes Enforcement Network (FinCEN) yesterday implemented an order requiring certain businesses in targeted ZIP codes to report all cash transactions above $200. The normal reporting requirement is for cash transactions over $10,000. By dropping that to $200, FinCEN is treating virtually every honest, hardworking person as a potential criminal whose name and financial information will go into a database for criminal investigators to use. The targeted businesses could lose customers, who are understandably reluctant to hand over personal information, and the businesses will be swamped trying to file time-consuming reports for almost all transactions.

Border Businesses Facing Ruin File Suit Against Federal Cash Surveillance - Institute for Justice

ARLINGTON, Va.—Small businesses subject to new and intrusive financial surveillance that could ruin them are suing with the Institute for Justice (IJ) to protect their […]

ij.org

Click to expand...