No privacy concerns over Estonia’s eGovernment

August 15, 2013 Leave a comment

Estonian_Flag[1]Estonia, probably one of the states with the best developed IT infrastructure, went further with digitalizing their citizens data than any other European country dared. With their personal ID cards, citizens can access virtually any data the government, insurances and banks have on them online: social security status, bank loans, land register and even doctors prescriptions. It is even possible to register a new born child online. Of course elections are online as well, just like votes in the parliament. All of this is no problem from a data protection and privacy perspective, says President Toomas Hendrik Ilves. Every personal ID card features a certificate, which can be used for secure communication and encryption of data. More importantly, every time data of a person is accessed, the person gets notified and this event is flagged. This way, abuse is minimised because everyone knows at every point who accessed which information. This wouldn’t be possible with data being available only on papers. The state provides the secure infrastructure for communication and for access to the data. But authentication is independent and thus should ensure that everyone’s data is safe.
Recently, Estonia published the source code of the sever-side software of their e-voting system and asked the public to review it for flaws. The developers themselves say it is secure, however there are still many critical voices against this technology (English translation).

Still, the country could be a role model for many countries world-wide and a good example how the power of new technology can be used while minimising possibilities of abuse. Austria, a country where digitising health data to make the health system more efficient, still causes a huge public, ridiculous debate (English translation), should certainly take a look at this small country in northern Europe.

Advertisement

Video surveillance in citi bikes?

August 12, 2013 Leave a comment

Citi Bike Double Mini Spy CameraRecently, a blog post by John Powers caused some excitement and confusion. Powers posted an article stating that New York City’s citi bikes have cameras hidden in them, which film traffic as well as the driver. He even quoted a police commissioner who explained that they are used for catching criminals.

However, as it turns out, the story was fake. Citi bikes do not have cameras hidden inside. But it wouldn’t be surprising and is not unrealistic. Especially, since cameras in cars are becoming more common and even modern light posts are becoming more intelligent. Cameras in bikes would help investigate traffic accidents. However, I doubt that they would be useful for anything else and just for this purpose the investment would probably be too high.

Using GPS to hijack ships and crash drones

July 31, 2013 Leave a comment

Satellite navigation systems such as GPS, the Global Positioning System that provides location information for our smartphones and navigation systems, have become a very useful tool in our daily lives. While today we mostly rely on the US GPS, built in the 1970s, even Europe, after many delays, will finally have its own system (Russia already has their own called GLONASS).

However, the more we rely on GPS navigation, not only for posting our location on Facebook but for car, plane and ship navigation, the more incidents happen, which show the vulnerability of the technology. In 2012 a drone by the Austrian manufacturer Schiebel crashed in South Korea, killing an engineer. It was believed back then that this happened in connection with GPS signal jamming by North Korea, which caused navigation problems in the past. This adds to other drone vulnerabilities discovered in recent years, such as unencrypted video feeds.

Now, students of the University of Texas showed in an experiment how they could hijack a Yacht using GPS spoofing without any crew member noticing (similar to what Iran claimed to have done in 2011). They achieved this by creating a fake GPS signal and slowly increasing its signal strength until the ships automatic navigation system completely relied on this signal. Then, they slowly changed the signal to make the Yacht believe it is off course and to correct for it. Here is a description about the method:

How to protect yourself against government spying

July 25, 2013 Leave a comment

Last month, I attended an event by quintessenz, a Viennese association dedicated to data protection and privacy. The event “Yes we scan” was about ways how to protect yourself from NSA (and their friends) spying on you. In a quite technical talk, Dr. Matzinger, computer science lecturer at FH Burgenland, talked about tracking cookies, VPN tunnels, proxies, encryption and of course TOR. He talked about using three different browsers for work related surfing, private surfing and especially sensible content. He talked about routing all your Internet traffic through a proxy at home so your location cannot be tracked. And of course you should not use social network sites. At all.

Basically, I drew one conclusion from the talk: There is no practical way to protect yourself. All of these measures are fun if you have time and the technical knowledge to deal with it. They are interesting to explore if you are into information security or if it is your job to know all about it. But for the average user, it is just unrealistic to do all that. It is unrealistic until there are tools easy enough for dummy users, who do not want to spend hours figuring out how it works. Similar to the TOR browser bundle, but fast enough for everyday use. This probably is a market gap that someone hopefully fills soon.

Until then, the best way to protect yourself is to think about what you post online, what you put in your dropbox and maybe to spend the time figuring out how to encrypt your email. Or you could just do it like Russia’s federal guard service and just revert to paper communication.

MyNSA: The new cloud service, which knows all about you

July 23, 2013 Leave a comment

Just a quick note, that Phil Wolff had a nice idea, following the recent NSA scandal.If the NSA has all the info already, why not offer this knowledge as a service? He calls it MyNSA.

Losing control: Why governments are spying on the Internet

July 22, 2013 Leave a comment

51L0N+sGyHL._I was just reading in Wolfgang Ernst’ book “Das Gesetz des Gedächtnisses” (“The law of memory”), published in the year 2000. It is basically about media and media theory in our digital age. But I found one passage that made me think about the current situation, with revelations that NSA and other governments spying on us. It stated, as one of the consequences of our digital age, that governments are afraid of losing control. And that made me think that maybe the fact that our governments want to spy on us is not just a bad sign. It is not just a sign that we all become more transparent and predictable and that everybody knows much more about each one of us than ever before. It is also a sign that we are becoming freer than before. Never before in the history of the world was it harder for governments to control how information is distributed. Never before was it harder for governments to control who is communicating with whom. No wonder they want to store and analyse everything we say. Because they are losing control! I believe this is also a good sign! We should defend this freedom and fight against any attempts to limit it!

If you failed to get enough information about all the NSA and Snowden stuff, I recommend the following sources:

NSA can read, see and hear everything you do online

June 7, 2013 Leave a comment

NSA_eagleWatch a YouTube video? NSA knows.
Write a Facebook private message? NSA can read it.
Skype with a friend? NSA can hear you.

We always assumed that secret services in our todays world could access our online communication if they wanted. ECHELON monitors phone calls for over half a century now, most of our emails are not encrypted and sent through any number of servers worldwide and several reports in recent years suggested that the NSA has significant powers to spy on us. However, the revelation in recent days of a vast data collection program by the NSA, that gives them unlimited access to basically all communication online, without any court order, is shocking nonetheless. Under the program called PRISM, major internet companies grant the NSA a direct interface to all user data, including emails, calls, chats, file transfers and video (and rumoured: credit card data). Companies in the program include Microsoft, Google, Yahoo, Facebook, YouTube, Skype and Apple. No court order or special request is required. And this is heavily used: Over 2.000 PRISM-based reports are generated every month.

In a first reaction after the publication of the programs existence, the White House stressed that this program is “just” targeted against non-US citizens and that no US citizens are surveilled. This is certainly not reassuring for all of us living outside the US since most of todays internet companies are based in the US. By the way, Dropbox is supposed to be added soon. So you might want to reassess your cloud storage strategy and at least add encryption to Dropbox or use providers such as SpiderOak.

In combination with major NSA efforts to operate and build data centers to automatically analyze data, this development is troublesome and should change everyones lax attitude towards online communication.

Update:

It seems like the NSAs UK counterpart GCHQ has access too!

Update 2:

TechCrunch has an interesting article suggesting that PRISM might not be as big as everybody feared.

Masking by blinding: The IR headband

February 18, 2013 Leave a comment

IR-ASC

A work during a film festival in Stuttgart / Germany a few years back offered another interesting idea for countersurveillance. The device called I-R A.S.C. basicly consists of a headband and infrared LEDs. The headband can be worn in public like any other accessory. But since the LEDs work in the infrared range of the light spectrum, humans do not see the light it is emitting. However, video surveillance cameras, which work with IR filters during the night, are blinded and the face of the person wearing it is not recorded. This is a surprisingly simple yet effective solution if one would not like to be recorded by a camera. Please note that during the day probably most cameras are in day mode and do not work with IR light. So don’t get too comfortable.

Camover: Vandalism is no game

February 13, 2013 Leave a comment

Screen Shot 2013-02-09 at 3.37.22 PMIn the “fight” against video surveillance, a new type of real-world game was recently invented in Berlin/Germany: Camover. And the rules are quite straight forward: Destroying as many video surveillance cameras as possible, filming the act and uploading it to YouTube. While not required, it is recommended to conceal your identity while filming. The game ends on 19 February; the day the 16th European Police Congress starts in Berlin (Anonymous Austria initiated a similar operation recently as well). One might think of this game as a valid method to fight suppression, surveillance and intrusion into our privacy. However, I think it should be seen as what it is: Pure vandalism, which will not change a thing. The cameras will be replaced with new, state-of-the-art megapixel cameras. In the end, it is we, the tax payers, who will have to pay for the damage done. Video surveillance in public is not necessarily a bad thing, especially if we look at some recent “success stories” in Austria, where crimes were solved using video surveillance. And I know of not one case, where video surveillance in the public has been abused (yet). Having said that, making sure that abuse is not possible and that our right to privacy is not tampered with, is a main concern of mine. This can for example be achieved by creating feasible laws and by new technology, which has been built with privacy by design in mind. But destroying cameras is definitely no solution.

“Anti-drone city” to protect from attacks

February 11, 2013 Leave a comment
(c) Asher J. Kohn

(c) Asher J. Kohn

Following my recent post about the anti-drone hoodie, the work of Asher J. Kohn is worth mentioning. He drafted an architectural concept for an “anti-drone city“, which uses several technological tricks to defend against detection from drones. Towers, which change heat patterns are used to confuse thermal detection systems. Windows made out of LED screens project changing patterns to produce false detections. Displays in the courtyard show QR patterns and fake shadows.

All deflection systems used are meant to confuse completely autonomous military drones to draw attention away from humans. However, as soon as a human is in the loop and looks at the drone’s camera images all this effort is worthless. Further, the concept is targeted at military applications and thus is basically another defence system for war zones.

I believe that anything developed to save human lives is a good effort. But concepts that can protect individuals from urban, every-day drone surveillance are worth thinking of as well. For example, wouldn’t it be interesting to develop a kind of opt-out surveillance system? To define a standard, in which individuals can choose if they want to be seen or not? Similar to location tracking on smart phones. Individuals, who do not want to be tracked would be left out of the image (e.g. by pixelating them or replacing them with an avatar). Of course, this system could be overruled for Police use but it would protect us from private drone surveillance in the future. It would be a good compromise between growing drone usage and the protection of our privacy. I believe, these ideas are worth developing further.

%d bloggers like this: