Tag: mass surveillance

A Peek Inside the FBI’s Unprecedented January 6 Geofence Dragnet

The FBI’s biggest-ever investigation included the biggest-ever haul of phones from controversial geofence warrants, court records show. A filing in the case of one of the January 6 suspects, David Rhine, shows that Google initially identified 5,723 devices as being in or near the US Capitol during the riot. Only around 900 people have so far been charged with offenses relating to the siege.

The filing suggests that dozens of phones that were in airplane mode during the riot, or otherwise out of cell service, were caught up in the trawl. Nor could users erase their digital trails later. In fact, 37 people who attempted to delete their location data following the attacks were singled out by the FBI for greater scrutiny.

Geofence search warrants are intended to locate anyone in a given area using digital services. Because Google’s Location History system is both powerful and widely used, the company is served about 10,000 geofence warrants in the US each year. Location History leverages GPS, Wi-Fi, and Bluetooth signals to pinpoint a phone within a few yards. Although the final location is still subject to some uncertainty, it is usually much more precise than triangulating signals from cell towers. Location History is turned off by default, but around a third of Google users switch it on, enabling services like real-time traffic prediction. 

The geofence warrants served on Google shortly after the riot remained sealed. But lawyers for Rhine, a Washington man accused of various federal crimes on January 6, recently filed a motion to suppress the geofence evidence. The motion, which details the warrant’s process and scale, was first reported by journalist Marcy Wheeler on her blog, Emptywheel

In a statement, a Google spokesperson defended the company’s handling of geofence warrants.

“We have a rigorous process for geofence warrants that is designed to protect the privacy of our users while supporting the important work of law enforcement,” the company said. “When Google receives legal demands, we examine them closely for legal validity and constitutional concerns, including overbreadth, consistent with developing case law. If a request asks for too much information, we work to narrow it. We routinely push back on overbroad demands, including overbroad geofence demands, and in some cases, we object to producing any information at all.”

Google requires a three-step process for geofence warrants to narrow their scope to only those most likely to be guilty of a crime. In the first and broadest step, the FBI asked Google to identify all devices in a 4-acre area, including the Capitol and its immediate surroundings, between 2 pm and 6:30 pm on January 6. Google initially found 5,653 active devices that “were or could have been” within the geofence at that time. When Google added in data from devices that only connected to its servers later that day, or the next, the number increased to 5,723. (Location History works in airplane mode because phones can continue to receive GPS satellite signals.)

Keep reading

Massachusetts Department of Public Health SECRETELY Colluded With Google To Auto-Install Contact-Tracing SPYWARE On Your Phone

The Massachusetts Department of Public Health is facing a class action lawsuit after colluding with Google to repeatedly auto-install contact-tracing spyware on the smartphones of over a million Massachusetts residents without their permission or consent.

According to a class action lawsuit filed by the New Civil Liberties Alliance, a nonpartisan nonprofit civil rights organization, the Department of Public Health rolled out the contact tracing app it worked with Google to create in April 2021.

“The App causes an Android mobile device to constantly connect and exchange information with other nearby devices via Bluetooth and creates a record of such other connections. If a user opts in and reports being infected with COVID-19, an exposure notification is sent to other individuals on the infected user’s connection record,” the NCLA explains in the complaint, Wright v. Massachusetts Department of Public Health.

Initially, the app which obtains users private locations and health information was voluntarily installed.

Keep reading

Techno-Authoritarianism Is Here to Stay: China and the Deep State Have Joined Forces

“If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back.”—Senator Frank Church

The votes are in.

No matter who runs for office, no matter who controls the White House, Senate or the House of Representatives now or in the future, “we the people” have already lost.

We have lost because the future of this nation is being forged beyond the reach of our laws, elections and borders by techno-authoritarian powers with no regard for individuality, privacy or freedom.

The fate of America is being made in China, our role model for all things dystopian.

An economic and political powerhouse that owns more of America’s debt than any other country and is buying up American businesses across the spectrum, China is a vicious totalitarian regime that routinely employs censorship, surveillance, and brutal police state tactics to intimidate its populace, maintain its power, and expand the largesse of its corporate elite.

Where China goes, the United States eventually follows. This way lies outright tyranny.

Keep reading

New Zealand spy agency uses ‘computer network exploitation’ to take digital information

One of the country’s two spy agencies has revealed it retrieves information directly from where it is stored or processed on computers.

The “computer network exploitation” operations have been a highly-classified secret at the GCSB until now.

US commentators refer to computer network exploitation as a form of cyber warfare, or the “theft of data”.

“Our legislation … allows us to access information infrastructures, which is more than just interception,” the Director-General of the Government Communications Security Bureau, Andrew Hampton, said.

It “also allows us to retrieve digital information directly from where it is stored or processed”.

The GCSB refers to this as “accessing information infrastructures”.

The spy watchdog, the Inspector-General of Intelligence and Security, Brendan Horsley, cited Hampton’s speech to the Institute of International Affairs in May, for making the revelation.

This had freed Horsley up to be able to assure the public that the exploitation operations were scrutinised, he said in his annual report released on Friday.

Previously, he had had to refer to “certain operations”.

“Although it was subject to oversight, it was not possible to provide any clear public assurance of this.”

In fact, he had conducted a review that found the compliance systems around CNE “to be generally effective and appropriate”.

However, he was still not allowed to go into details “on the bureau’s use of this important capability”.

Keep reading

UN pushes COP27 app that has ability to spy on private conversations and access encrypted texts

Security advisers from Western countries are warning delegates attending the COP27 climate summit not to download the Egyptian government’s official app. The app is supposed to help attendees of the event with navigation but has major privacy concerns – allowing the app to be used as a surveillance tool.

The app is recommended on the official UN website for the COP27.

POLITICO says a potential vulnerability was found by four different cybersecurity experts that reviewed it. The news outlet claims that the app can allow the Egyptian government to read users messages, emails, and even communications via encrypted messaging platforms like Signal and WhatsApp.

The app can track location through GPS and WiFi. It also requires a permission that could allow the government to spy on conversations even when the device is in sleep mode.

The app also gives the government back-door privileges to scan users’ devices.

Some experts said much of the access and data the app gets are fairly standard. Additionally, so far, there is no evidence that people’s messages and emails have been read or users’ location tracked.

The main problem is the combination of the access it has and the Egyptian government’s record with tracking. According to Privacy International, following the Arab Spring, the Egyptian government has cracked down on dissidents and used emergency rules to track citizens both online and offline.

Keep reading

White House to partner with social media monitoring tool

The Biden administration is about to sign a contract with Dataminr – a licensing deal for the company’s product that is used in the monitoring of social media.

This is revealed in documents published by the Defense Information Systems Agency (DISA) which will buy 30 licenses to deploy Dataminr’s First Alert V2, designed for the public sector and the scouring of 200,000 online sources and data mining, then compiling real-time news alerts for the White House, and other clients.

Dataminr is a popular tool used by news desks and others that want to monitor the internet and it’s easy to see why it would be useful to the government. Portions of the press show an unfavorable attitude towards Dataminr because it was used by police in many cities, including New York and Los Angeles, to monitor the 2020 Black Lives Matter protests and riots.

US Defense Department’s non-civilian employees already use Dataminr’s services thanks to a 2021 contract signed with the Air Force.

DISA said in June it had no plans to directly or in another way “involve” Twitter as a subcontractor. In August, this agency that handles the White House communications said it needed a contract (with Dataminr) of its own because civilians it employs cannot utilize mass surveillance of social media through that Air Force deal.

New York-based Dataminr, which is also known for its work as one of Twitter’s official partners and bills itself as an AI company, has been awarded the contract but the details, such as its duration and the overall cost of licensing have not been announced.

Meanwhile, it is speculated that Dataminr was chosen by the US administration precisely for its association with Twitter, as DISA spelled it out in the document explaining the choice of the vendor by saying it must be a certified Twitter partner.

Keep reading

The Quiet Merger Between Online Platforms and the National Security State Continues

The steady march of the post-2016 tech censorship campaign has been picking up pace lately, and we’ve just learned of another leap forward. According to recent major reporting from the Intercept, the US Department of Homeland Security (DHS) has been involved in efforts aimed at corralling what it refers to as “MDM”: misinformation, disinformation, and “malinformation.”

Documents obtained and made publicly available by the news outlet show that the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has been formulating a strategy to combat MDM regarding US elections and other matters. While seemingly unobjectionable on the surface ― who could be against combating false information, which is rife online? ― it raises serious questions about the extent of government involvement in the already-troubling phenomenon of tech censorship.

The conversations detailed in the documents show the federal government, and the DHS specifically, taking a more active role in tech companies’ efforts to suppress MDM. We’ve had some indications this was happening for a while, as when DHS secretary Alejandro Mayorkas told Andrea Mitchell of MSNBC in August that the government was “working with the tech companies” on “strengthen[ing] the legitimate use of their very powerful platforms and prevent[ing] harm from occurring,” and that it was doing so “across the federal enterprise” ― comments that were only reported in right-wing media.

The documents give us details about what that work has entailed. In these discussions, the government did not directly carry out censorship. Rather, they involved government agencies: doing “debunking” and “pre-bunking”; directing the press, local and state governments, and other stakeholders to “trusted resources”; carrying out “rumor control”; boosting “trusted authoritative sources”; giving financial support to its external partners; and improving information literacy. Much of the focus is on elections, with participants talking about using these resources to prevent people being misled about how, where, and when to vote, and stressing that CISA should strictly be a “resource” that at most uses its “convening power.”

Keep reading

US citizens were given secret Covid “decree violation” scores

Voter analytics firm PredictWise harvested location data from tens of millions of US cellphones during the initial Covid lockdown months and used this data to assign a “Covid-19 decree violation” score to the people associated with the phones.

These Covid-19 decree violation scores were calculated by analyzing nearly two billion global positioning system (GPS) pings to get “real-time, ultra-granular locations patterns.” People who were “on the go more often than their neighbors” were given a high Covid-19 decree violation score while those who mostly or always stayed at home were given a low Covid-19 decree violation score.

Not only did PredictWise use this highly sensitive location data to monitor millions of Americans’ compliance with Covid lockdown decrees but it also combined this data with follow-up surveys to assign “Covid concern” scores to the people who were being surveilled. PredictWise then used this data to help Democrats in several swing states to target more than 350,000 “Covid concerned” Republicans with Covid-related campaign ads.

In its white paper, PredictWise claims that Democrats were able to “deploy this real-time location model to open up just over 40,000 persuasion targets that normally would have fallen off” for Mark Kelly who was running for Senate at the time and has now been elected.

“PredictWise understood that there were potential pockets of voters to target with Covid-19 messaging and turned high-dimensional data covering over 100 million Americans into measures of adherence to Covid-19 restrictions during deep lockdown,” the company states in the white paper.

PredictWise doesn’t provide the exact dates when this location data was collected but its white paper does note that the data was collected during Covid lockdowns and used during Senator Kelly’s 2020 election campaign. State-level US lockdowns began on March 15, 2020 and Kelly was elected on November 4, 2020 so the data appears to have been collected during the first few months of this 11 month period.

Keep reading

Google Employees Are Laughing at You for Thinking ‘Incognito Mode’ Is Private

According to a series of internal communications discovered in court, Google employees joked about Chrome’s “Incognito mode” and criticized the company for failing to meet users’ expectations of privacy.

Google is currently the target of a class action lawsuit in California over its misleading claims of privacy.

Court documents obtained by Bloomberg reveal that a Google engineer suggested in 2018 that the Incognito mode icon be changed to “Guy Incognito,” a Simpsons character who looks exactly like Homer Simpson except for his mustache. According to the Google employee, the character “accurately conveys the level of privacy [Incognito mode] provides” compared to Chrome’s standard browsing mode.

In a 2021 email, Google marketing chief Lorraine Twohill urged the implementation of a more secure Incognito mode as a means of gaining users’ trust.

“Make Incognito Mode truly private,” Twohill wrote. “We are limited in how strongly we can market Incognito because it’s not truly private, thus requiring really fuzzy, hedging language that is almost more damaging.”

Studies have shown that the language used by Google contributes to the misconception that “Incognito mode” is truly private.

“We found that browsers’ disclosures fail to correct the majority of the misconceptions we tested,” researchers at the University of Chicago and Leibniz University Hannover wrote in 2019. “These misconceptions included beliefs that private browsing mode would prevent geolocation, advertisements, viruses, and tracking by both the websites visited and the network provider.”

Keep reading