In this post I’m going to briefly note just how bad an idea it is, for citizens, that ISPs and content providers are working together to resolve ‘copyright infringement’ without having a substantial degree of government involvement.
Rules of the game
Perhaps you’re familiar with baseball (or California penal rules). In either case, you’ll have heard of the ‘three strikes and you’re out’ rule. In baseball, this would mean that a batter returns to the dugout, and another person attempts to swat a ball and race towards first base. In the penal system, it indicates that you’ve committed enough criminal offenses that you’re going to have the book thrown at you . . . the next person behind you in court can then try to argue why they’re innocent, and go free (first base?).
It identifies that hackers will only look at RFID tags once the data they transmit is easy to send along electronic mediums, with the data being transmitted itself valuable (i.e. not simply the location of valuable goods, but the information must be a valuable good in itself);
It blindingly misses the point that RFID opens a new avenue of attack that could seriously contribute to an e-warfare application.
You might have heard about RFID in the news over the past few years. In case you need a quick primer/update, here’s the basics on RFID:
It’s not new – RFID has been in use since WWII to organize valuable assets and more effectively track them;
RFID can either actively broadcast information, or have the chip activated when placed within ‘hot’ zones – an RFID device does not necessarily always broadcast information;
There are different ISO standards for various RFID types – some support encryption, some do not, some support active transmission of data (i.e. they are always broadcasting information), and some do not (these are termed passive RFID devices);
RFID Tag are often confused with Contactless SmartCars (CSCs) on the basis that they mutually use radio transceivers to broadcast information. Different ISO standards are used for these two types of devices, with CSCs having been developed with encryption and privacy issues in mind;
On the topic of read ranges – RFID tags can be read up to 10 meters or so away, whereas CSCs are usually read from a maximum of about 5cm away from a reader;
RFID Tags are to be placed in many of the Enhanced Drivers Licenses (EDLs) in Canada, whereas CSCs are being insert into the e-passports that are being deployed in Britain and the US.
Yahoo! has recently released a new product called Fire Eagle. Fire Eagle is an application that developers can integrate into their software suites, enabling users to identify and broadcast their geospatial location to others on the application’s network. There are many very positive features of Fire Eagle (at least relative to other applications of this nature):
* It’s opt-in
* It allows for granular, application level, sharing of information
* It keeps limited historical data – it “keeps only the most recent piece of location information it has received for each of the major levels it understands: Exact Location, Neighborhood, City, State, Country etc. If a new piece of “Exact Location” information comes in, then we throw away the old one.” (Source)
* Yahoo!’s developers anonymize user data, and assert that they will exclusively use it for system statistics as it pertains to updates and improving service (no notes on how data is anonymized, however)
* The privacy statement makes note that users need to read the privacy agreements of the applications that utilize/integrate Fire Eagle
* Yahoo! notes that their partners must consent to terms and services, and a code of conduct, and Yahoo! provides a space for users to complain if they think that a Yahoo! partner is violating their agreements with Yahoo!.
But, but, what about those third parties!?!
A BBC article that talks about this new service (Privacy worry over location data) really identifies the core privacy concern that most advocates seem to have with this service:
The problem for privacy watchers is that privacy policies across the web are all very different and using a service through a third party could raise some real issues. Continue reading
Don Reisinger’s posting on Pro-privacy initiatives are getting out of hand is a good read, even if I don’t think that he ‘gets’ the reason why privacy advocates are (should be?) concerned about Google Streetview. If you’ve been under a rock, Google is in the process of sending out cars (like the one at the top of this post) to photograph neighborhoods and cities. The aim? To let people actually see where they are going – get directions, and you can see the streets and the buildings that you’ll be passing by. It also lets you evaluate how ‘safe’ a neighborhood is (ignoring the social biases that will be involved in any such estimation) and has been talked about as a privacy violation because some people have been caught on camera doing things that they didn’t want to be caught doing.
Don: Privacy Wimps Stand Up, Sit Down, and Shut Up
Don’s general position is this: American law doesn’t protect your privacy in such a way that no one can get one or take a photo of your property. What’s more, even if you were doing something that you didn’t want to be seen in you home, and if that action was captured by a Google car, don’t worry – no one really cares about you. In the new digital era, privacy by obscurity relies on poor search, poor image recognition, and even less interest in what you’re doing. Effectively, Streetview will be used to watching streets, and little else. Continue reading
Canadian SIGINT Summaries
The Canadian SIGINT Summaries includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents.
Parsons, Christopher; and Molnar, Adam. (2021). “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” David Murakami Wood and David Lyon (Eds.), Big Data Surveillance and Security Intelligence: The Canadian Case.
Parsons, Christopher. (2015). “Stuck on the Agenda: Drawing lessons from the stagnation of ‘lawful access’ legislation in Canada,” Michael Geist (ed.), Law, Privacy and Surveillance in Canada in the Post-Snowden Era (Ottawa University Press).
Parsons, Christopher. (2015). “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” Telecom Transparency Project.
Parsons, Christopher. (2015). “Beyond the ATIP: New methods for interrogating state surveillance,” in Jamie Brownlee and Kevin Walby (Eds.), Access to Information and Social Justice (Arbeiter Ring Publishing).
Bennett, Colin; Parsons, Christopher; Molnar, Adam. (2014). “Forgetting and the right to be forgotten” in Serge Gutwirth et al. (Eds.), Reloading Data Protection: Multidisciplinary Insights and Contemporary Challenges.
Bennett, Colin, and Parsons, Christopher. (2013). “Privacy and Surveillance: The Multi-Disciplinary Literature on the Capture, Use, and Disclosure of Personal information in Cyberspace” in W. Dutton (Ed.), Oxford Handbook of Internet Studies.
McPhail, Brenda; Parsons, Christopher; Ferenbok, Joseph; Smith, Karen; and Clement, Andrew. (2013). “Identifying Canadians at the Border: ePassports and the 9/11 legacy,” in Canadian Journal of Law and Society 27(3).
Parsons, Christopher; Savirimuthu, Joseph; Wipond, Rob; McArthur, Kevin. (2012). “ANPR: Code and Rhetorics of Compliance,” in European Journal of Law and Technology 3(3).