Bryan Seely, a Microsoft Engineer, demonstrated an attack against Google Maps through which he was able to set up fake Secret Service offices in the company's geo-database, complete with fake phone numbers that rang a switch under his control and then were forwarded to real Secret Service offices, allowing him to intercept and record phone-calls made to the Secret Service (including one call from a police officer reporting counterfeit money). Seely was able to attack Google Maps by adding two ATMs to the database through its Google Places crowdsourcing tool, verifying them through a phone verification service (since discontinued by Google), then changing them into Secret Service offices. According to Seely, the disabling of the phone-verification service would not prevent him from conducting this attack again.
As Dune Lawrence points out, this is a higher-stakes version of a common spam-attack on Google Maps practiced by locksmith, carpet cleaning, and home repair services. Spammers flood Google Maps with listings for fake "local" companies offering these services, and rake in high commissions when you call to get service, dispatching actual local tradespeople who often charge more than you were quoted (I fell victim to this once, when I had a key break off in the lock of my old office-door in London and called what appeared to be a "local" locksmith, only to reach a call-center who dispatched a locksmith who took two hours to arrive and charged a huge premium over what I later learned local locksmiths would have charged).
The Electronic Frontier Foundation is trying to figure out what the LAPD is doing with the mountains (and mountains) of license-plate data that they're harvesting in the city's streets without a warrant or judicial oversight. As part of the process, they've asked the LAPD for a week's worth of the data they're collecting, and in their reply brief, the LAPD argues that it can't turn over any license-plate data because all the license-plates they collect are part of an "ongoing investigation," because every car in Los Angeles is part of an ongoing criminal investigation, because some day, someone driving that car may commit a crime.
As EFF's Jennifer Lynch says, "This argument is completely counter to our criminal justice system, in which we assume law enforcement will not conduct an investigation unless there are some indicia of criminal activity."
This reminds me of the NSA's argument that they're collecting "pieces of a puzzle" and Will Potter's rebuttal: "The reality is that the NSA isn't working with a mosaic or a puzzle. What the NSA is really advocating is the collection of millions of pieces from different, undefined puzzles in the hopes that sometime, someday, the government will be working on a puzzle and one of those pieces will fit." The same thing could be said of the LAPD.
The ACLU has produced a video based on its Meet Jack. Or, What The Government Could Do With All That Location Data slide presentation from 2013. It's a chilling and sometimes funny look at the way that location data can be used to compromise you in ways large and small. As Josh from the ACLU notes, "It's especially interesting after the news yesterday about the DHS plan for a national license plate location history database (which got scrapped after it was exposed)."
Meet Jack. Or, What The Government Could Do With That Location Data
If you have an Android or iOS smartphone, it defaults to storing the history of all the places you go, at a very fine resolution, for a very long time, and mirrors that data on remote servers from which it might be leaked or subpoenaed. Lifehacker has a great tutorial on deleting your Location History and turning off future logging of your location. They cover both iOS and Android. I just did my devices, and it was very easy.
In Meet Jack. Or, What The Government Could Do With All That Location Data, the ACLU's Jay Stanley presents a slide deck from the near future in which a government intelligence service presents a glowing account of how it convicted "Jack R Benjamin" of DUI pre-crime, by watching all the places he went, all the people he interacted with, and using an algorithm to predict that he would commit a DUI, and, on that basis, to peer into every corner of his personal life.
The use of the slide deck is inspired here, echoing as it does the Snowden leaks (Snowden had been tasked with consolidating training documents from across the NSA, which is why he had access to such a wide variety of documents, and why they're all in PowerPoint form). And the kind of data-mining here is not only plausible, it's likely -- it's hard to imagine cops not availing themselves of this capability.
A new Snowden leak reveals that the NSA and major US mobile phone carriers colluded to gather the location of millions of people around the world, including Americans in the USA, people not suspected of any crime, in order to data-mine them and ascribe guilt to people based on whether they were in proximity to suspected terrorists.
The program, called CO-TRAVELLER, tracks at least "hundreds of millions" of devices on "a planetary scale," and comprises at least 27 terabytes of data. According to an NSA document, they are gathering location data more quickly than they can store it, and have been building out more capacity at speed.
Less than one percent of the Snowden documents have been made public to date. Snowden was tasked by his employer with consolidating training and briefing materials from the NSA, and so he had access to enormous amounts of sensitive details on the NSA's internal programs.
In an explosive investigative piece published in the Guardian, Glenn Greenwald details a top-secret US court order that gave the NSA the ability to gather call records for every phone call completed on Verizon's network, even calls that originated and terminated in the USA (the NSA is legally prohibited from spying on Americans). This kind of dragnet surveillance has long been rumored; Senators Ron Wyden and Mark Udall published an open letter to US Attorney General Holder saying that "most Americans would be stunned to learn the details of how these secret court opinions have interpreted...the Patriot Act." Here, at last, are the details:
The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of "all call detail records or 'telephony metadata' created by Verizon for communications between the United States and abroad" or "wholly within the United States, including local telephone calls".
The order directs Verizon to "continue production on an ongoing daily basis thereafter for the duration of this order". It specifies that the records to be produced include "session identifying information", such as "originating and terminating number", the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and "comprehensive communication routing information".
The information is classed as "metadata", or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such "metadata" is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.
Unique in the Crowd: The privacy bounds of human mobility, a Nature Scientific Reports paper by MIT researchers and colleagues at Belgium's Universite Catholique de Louvain, documents that 95% of "anonymous" location data from cellphone towers can be de-anonymized to the individual level. That is, given data from a region's cellular towers, the researchers can ascribe individuals to 95% of the data-points.
“We show that the uniqueness of human mobility traces is high, thereby emphasizing the importance of the idiosyncrasy of human movements for individual privacy,” they explain. “Indeed, this uniqueness means that little outside information is needed to re-identify the trace of a targeted individual even in a sparse, large-scale, and coarse mobility dataset. Given the amount of information that can be inferred from mobility data, as well as the potentially large number of simply anonymized mobility datasets available, this is a growing concern.”
The data they studied involved users in an unidentified European country, possibly Belgium, and involved anonymized data collected by their carriers between 2006 and 2007.
Anonymized Phone Location Data Not So Anonymous, Researchers Find [Wired/Kim Zetter]
After my event at Austin's Book People on Feb 22, I'll be doing a benefit for EFF-Austin on their location privacy campaign. We did this the last time I came through town and it was tremendous -- come on out!
An evening with Cory Doctorow and EFF-Austin
"Sitegeist is a free Android app from the Sunlight Foundation that helps you to learn more about your surroundings in seconds. Sitegeist takes public data about the people, housing, history, environment and things to do for any U.S. location and presents it in easy-to-view infographics. Just scroll and swipe your way through the categories to get a feel for the area. Everything from age distributions to political contributions and median home values to record temperatures. It makes complex localized data easy to understand so you can get back to enjoying the neighborhood. The app incorporates publicly available data from a number of sources including the U.S. Census Bureau, InfluenceExplorer.com, the Dark Sky weather API and even Yelp and Foursquare. Sunlight will continue to add and improve on the app as more rich data becomes public."
The London Underground workers made a funny.
(Thanks, Fipi Lele!)
(Image: source unknown -- if you know it, please leave details in the comments)
If you've got a major-brand camera with a built-in GPS, don't plan on taking any geotagged photos in China. Chinese law prohibits mapmaking without a license, and most of the large camera manufacturers have complied with this regulation by quietly slipping a censorship function into the GPS -- when you take a picture, the camera checks to see if it's presently in China, and if it is, it throws away its GPS data, rather than embedding it in the photo's metadata. On Ogle Earth, Stefan Geens looks at how several different manufacturers handle this weirdness -- how they phrase it in their manuals, and what their cameras do when they run up against this limitation. It's a fascinating look at the interface between consumer electronics, user interface, and the edicts of totalitarian regimes. In some Nikon cameras, for example, the GPS does work, but all its measurements are shifted about 500m to the west (!).
Why does all this matter? Wherever local laws prohibit the sale or use of a personal electronics device able to perform a certain function, manufacturers have traditionally chosen not to sell the offending device in that particular jurisdiction, or — if the market is tempting enough — to sell a crippled model made especially for that jurisdiction.
For example, Nokia chose not to sell the N95 phone in Egypt when the sale of GPS-enabled devices there was illegal before 2009, whereas Apple opted to make and sell a special GPS-less iPhone 3G for that market. Early models of the Chinese iPhone 3GS lacked wifi, while the Chinese iPhone 4/4S has firmware restrictions on its Google Maps app.
Michael Geist sez,
Canada Post has filed a copyright infringement lawsuit against Geolytica, which operates GeoCoder.ca, a website that provides several geocoding services including free access to a crowdsourced compiled database of Canadian postal codes. Canada Post argues that it is the exclusive copyright holder of all Canadian postal codes and claims that GeoCoder appropriated the database and made unauthorized reproductions.
GeoCoder, which is being represented by CIPPIC, filed its statement of defence yesterday. The defence explains how GeoCoder managed to compile a postal code database by using crowdsource techniques without any reliance on Canada Post's database. The site created a street address look-up service in 2004 with users often including a postal code within their query. The site retained the postal code information and gradually developed its own database with the postal codes (a system not unlike many marketers that similarly develop databases by compiling this information). The company notes that it has provided access to the information for free for the last eight years and that it is used by many NGOs for advocacy purposes.
While GeoCoder makes for a fascinating case study on generating crowdsourced information, the legal issues raised by the case should attract widespread attention. Key issues include whether there is any copyright in postal codes, questions on whether Canada Post owns copyright in the database if there is copyright, and a denial that the crowdsourced version of the database - independently created by GeoCoder - infringes the copyright of the Canada Post database.
Canada Post Files Copyright Lawsuit Over Crowdsourced Postal Code Database
A French court has ruled that Google's free Google Maps application API is anti-competitive and has ordered the company to pay €500,000 to Bottin Cartographes, a for-pay map company, as well as a €15,000 fine. Bottin Cartographes argued that Google was only planning to give away the service for free until all the competitors had been driven out of business and then they would start charging. This seems implausible to me, and contrary to Google's business model (give away services, make money from mining the use of those services). Google says it will appeal.
"This is the end of a two-year battle, a decision without precedent," said the lawyer for Bottin Cartographes, Jean-David Scemmama.
"We proved the illegality of (Google's) strategy to remove its competitors... the court recognised the unfair and abusive character of the methods used and allocated Bottin Cartographes all it claimed. This is the first time Google has been convicted for its Google Maps application," he said.
I wonder what Bottin Cartographes will do when OpenStreetMap finishes producing high-quality, free, public domain maps of France that can be used to create APIs of the same scope and utility?
France convicts Google Maps for unfair competition
ICanStalkU is a twitterbot and Twitter-analyzing service that seeks out Twitter users who transmit their location in the photos they tweet and generates responses like "ICanStalkU was able to stalk @XXXXXXXXXX at http://maps.google.com/?q=35.5371666667,139.510166667," with the stated purpose of "Raising awareness about inadvertent information sharing."
I generally like the idea of helping people understand that their software may be disclosing information about themselves that they're not aware of, but I find this method a little tiresome. On a few occasions, I've deliberately turned on location data when sending out an image (for example, when tweeting an image of a public event or artwork and wanting to conveniently attach a location to the tweet so others can find it) only to get chided (not by bots, but by other Twitter users) with words to the effect of, "Some privacy advocate you are! Why are you sending location data with your images?"
I've also been nagged by someone's twitterbot that wanted to tell me off for including my email address in a tweet, because the author had decided that this would make me more vulnerable to spam (I have one email address and it's been public for about 15 years now -- there's no spambot that doesn't know it by now). It's nice that people want to help others understand the wider context of their actions, but there's a fine line between helping and nagging.
Adding location data to a photo of something in public -- a protest, a spectacle, a store -- isn't necessarily a privacy breach.