Watchers/Listeners

December 2, 2011

“Even the Catholic Church of the Middle Ages was tolerant by modern standards.
Part of the reason for this was that in the past no government had the power to keep its citizens under constant surveillance.
The invention of print, however, made it easier to manipulate public opinion, and the film and the radio carried the process further.
With the development of television, and the technical advance which made it possible to receive and transmit simultaneously on the same instrument, private life came to an end.”
– George Orwell, 1984 (quote found here)


(Illustration found here).

WikiLeaks founder Julian Assange spoke Monday during a panel discussion at London’s Bureau of Investigative Journalism — he was announcing another WikiLeaks dump, this time the files concern private surveillance companies who have worked with various world governments to track whoever via monitoring software integrated into electronic devices.

“Who here has a BlackBerry?
Who here uses Gmail?
Well you are all screwed!” Assange exclaimed.
“The reality is intelligence contractors are selling right to countries around the world mass surveillance systems for all of those products.”

Meanwhile, just yesterday, Sen. Al Franken demanded an explanation on how the so-called ‘Carrier IQ,’ installed all new Android smartphones, really works — this hidden software  is supposedly meant to help mobile carriers monitor and diagnose problems with their devices, but in reality may transmit personal information.
In a letter to Carrier IQ President and CEO Larry Lenhart, Franken wanted more information on the capabilities of the device.
Via Raw Story:

“I am very concerned by recent reports that your company’s software—pre-installed on smartphones used by millions of Americans—is logging and may be transmitting extraordinarily sensitive information from consumers’ phones…
“I understand the need to provide usage and diagnostic information to carriers,” he continued.
“I also understand that carriers can modify Carrier IQ’s software.
But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.”
“These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act,” Franken warned.
“This is potentially a very serious matter.”

Serious indeed.
Franken was responding to a claim from Trevor Eckhart, a 25-year-old electronics expert, that the Carrier IQ operation can be used in nefarious ways.
On Eckhart’s blog he explains how this works, and despite a lot of geek shit (non-sensible to me), he concludes:

The fact that it’s embedded into the shipped device raises very serious security and privacy concerns.

The CIQ application is embedded so deeply in the device that it can’t be fully removed without rebuilding the phone from source code.
This is only possible for a user with advanced skills and a FULLY unlocked device.

If a bad actor discovered a vulnerability or used malware, he could potentially exploit that opportunity to become a “CIQ operator,” leaving many users helpless against the extensive collection and misuse of their own information and no way to stop it.
With so much moving code across the operating system, I would say the chances of malware looking here isn’t that far-fetched.

Of course, Carrier IQ got pissed at Eckhart, fired off a cease-and-desist letter and demanded he issue an apology for calling its software a”rootkit,” but back-tracked when Electronic Frontier Foundation became involved.
The EFF is an US-based non-profit digital rights advocacy and legal organization.
From CNET News:

Just days later, Carrier IQ did an about face after the Electronic Frontier Foundation responded to its cease-and-desist letter, saying that Eckhart’s comments and research are protected under the Copyright Act’s fair use provision.
“Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart,” the company said in response to the EFF’s letter.
“We sincerely appreciate and respect EFF’s work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.”

In dumping the surveillance logs, termed “The Spy Files,” WikiLeaks on its Web site explains:

International surveillance companies are based in the more technologically sophisticated countries, and they sell their technology on to every country of the world.
This industry is, in practice, unregulated.
Intelligence agencies, military forces and police authorities are able to silently, and on mass, and secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers.
Users’ physical location can be tracked if they are carrying a mobile phone, even if it is only on stand by.

When citizens overthrew the dictatorships in Egypt and Libya this year, they uncovered listening rooms where devices from Gamma corporation of the UK, Amesys of France, VASTech of South Africa and ZTE Corp of China monitored their every move online and on the phone.

The CIA officials have bought software that allows them to match phone signals and voice prints instantly and pinpoint the specific identity and location of individuals.
Intelligence Integration Systems, Inc., based in Massachusetts — sells a “location-based analytics” software called Geospatial Toolkit for this purpose.
Another Massachusetts company named Netezza, which bought a copy of the software, allegedly reverse engineered the code and sold a hacked version to the Central Intelligence Agency for use in remotely piloted drone aircraft.

And this is beyond just the old ‘looking over you shoulder‘ routine — be aware and be watchful, they are.