Seecrypt costs $3 a month and allows subscribers to make encrypted phone calls to each other. It promises a "100% protected network through encryption between two callers anywhere in the world." Sounds interesting and useful for keeping government snoops away. However, the press release issued today tells a somewhat different story:

“Seecrypt will pro-actively assist law enforcement agencies to prevent criminal activity being carried out using this encryption service. Our technology is designed to restore privacy rights for legitimate usage," stated Seecrypt CEO Mornay Walters. “Seecrypt's Privacy Network has been designed so that it can terminate access rights immediately for any individual identified by law enforcement or other governmental authorities as suspected of improper use.”

Does that mean that if someone is using Seecrypt and the government starts investigating them the service simply shuts off? If so, it's a great way for criminals to learn that they are under investigation.

Or does it mean that Seecrypt will let the suspect make calls without letting them know that the encryption has been disabled?

Or, does it mean Seecrypt will do something else that I can't think of? I emailed SeeCrypt to find out and will share my answer when I get it.

More from the press release:

Seecrypt advisor and former assistant director, U.S. Secret Service, Anthony Chapa added, “Seecrypt’s impressive technology provides a new level of protection to company executives and individual citizen’s privacy rights, while not compromising international and U.S. investigative efforts surrounding serious criminal activity. There are techniques that law enforcement and intelligence organizations have available, and with the help of Seecrypt would not impede their mission.”

My new Guardian column, "Privacy, public health and the moral hazard of surveillance," discusses the way that the governments' reliance on social networks for intelligence purposes means that they can't intervene to help their populations get better at trading their privacy for services.

That's a crisis. If online oversharing is a public health problem, then the state's decision to harness it for its own purposes means that huge, powerful forces within government will come to depend on oversharing. It will be vital to their jobs – their pay-packets will literally depend on your inability to gauge the appropriateness of your online disclosure.

They will be on the same side as the companies that profit from oversharing, because they will, effectively, be just another firm that benefits from oversharing.

It's as though Scotland Yard decreed that obesity was critical to its ability to catch slow-moving, easily winded suspects. It's as though the NHS announced it would cope with the expense of an aging population by encouraging chain-smoking. The dangers of oversharing are hard enough to manage when it's just the private sector that benefits from them.

Privacy, public health and the moral hazard of surveillance

Here'a an excellent piece on the promise and peril of "smart cities," which could be part of a system to make cities fairer and more transparent, or could form the basis for an authoritarian lockdown. As Adam Greenfield says, "[the centralized model of the smart city is] disturbingly consonant with the exercise of authoritarianism." The author mentions Greenfield's upcoming book "The City is Here for You to Use" (a very promising-looking read) as well as Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia, which is out in the fall.

These critics are advocating not that cities shun technology, but that they foster a more open debate about how best to adopt it—and a public airing of the questions cities need to ask. One question is how deeply cities rely on private companies to set up and maintain the systems they run on. Smart-city projects rely on sophisticated infrastructure that municipal governments aren’t capable of creating themselves, Townsend points out, arguing that the more they rely on software, the more cities are increasingly shunting important civic functions and information into private hands. In recent talks and in his upcoming book, “Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia,” Townsend portrays companies as rushing to become the indispensable middlemen without which the city cannot function.

Cities can easily lose leverage to private companies their citizens rely on, as the persistent battles of political leaders against telecom companies over price increases show. And private-sector software can operate behind a veil: Townsend says that while cities have made lots of data freely available online, there’s less concern about opening up the proprietary tools used to analyze that data—software that might help a city official decide who is eligible for services, or which neighborhoods are crime hotspots. “It’s the algorithms in government that need to be brought out to the light of day, not the data,” he says. “What I worry about are the de facto laws that are being coded in software without public scrutiny.”

Another concern is what will be done to protect the huge amount of data cities can gather about their citizens. The wealth of video at the Boston Marathon bombings, though it came from private cameras, showed how useful surveillance footage can be—and also how pervasive. Cameras, sensors, and tracking technologies like the Mass Pike’s EZPass can reveal a great deal about your life: where you live and travel, what you buy, even what time you take a shower. Smart grid utility-metering systems, for instance, collect and transmit detailed energy consumption information, which help consumers understand and curb their energy use but can also reveal their habits. As such, they have come under fire for threatening privacy and civil liberties, and several states have adopted legislation governing what kind of data can be shared with third parties and how customers can opt out. In Massachusetts, automated license plate recognition technology used by police cruisers has raised concerns about authorities tracking the whereabouts of citizens. The American Civil Liberties Union of Massachusetts has been pushing for a License Plate Privacy Act that would limit law enforcement’s ability to retain and use the information.

The too-smart city [Courtney Humphries/Boston Globe]

(via Beyond the Beyond)

Troy Maye was wanted for a string of identity thefts, but the IRS couldn't positively identify him. But after he passed a thumb-drive of stolen data to an IRS informant, investigators were able to pull his name off the drive's metadata. They used that to find his Instagram profile, and found a food-porn photo he'd taken at the Morton's steakhouse where he'd dined with the informant. Busted.

"IRS Agent Louis Babino then headed to Google and located Maye’s Instagram page, which contained a profile photo of Maye. When shown the profile photo, the CW confirmed that Maye (seen at right) was the man with whom he dined at Morton’s."

Well, sure, Agent Babino, but how can you be really sure this was your guy?

"A further review of Maye’s Instagram page, Babino noted, revealed “a photo of a steak and macaroni and cheese meal containing the caption ‘Morton’s.’” The image--uploaded on January 7 at 11:24 PM--“appears to coincide” with the CW’s meeting at Morton’s, added Babino."

Yup, this guy food-porned his way into being arrested. The Instagram photo is reportedly being entered into evidence in the case, so one hopes the juicy steak and the creamy mac and cheese was really, really worth all the trouble Maye is now in. Once again, if you're a criminal, online narcicism is probably something you'd be best to avoid.

Criminal Nabbed By His Own Food Porn [Timothy Geigner/TechDirt], [Gabrielle Bluestone/Gawker]

Bruce Schneier's got smart things to say about surveillance in the age of the Internet of Things:

In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days --and night -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will all be saved, correlated, and studied. Even now, it feels a lot like science fiction.

Will you know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies -- and many others -- correlated, and then bought and sold without your knowledge or consent. You'd think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who don't pay for the privilege -- or don't work for the government and have the ability to demand the data. Power is what matters here: you'll be able to keep the powerless from invading your privacy, but you'll have no ability to prevent the powerful from doing it again and again.

Surveillance and the Internet of Things

In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem -- through much of the 1990s, AT&T's CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company's switches to listen in on the highest levels of government.

But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility -- it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you're captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software.

As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn't matter if you trust the government not to abuse this power (though, for the record, I don't -- especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) -- deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:

Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.

Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system.

Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.

Felten's remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI's proposal. It's an important read -- maybe the most important thing you'll read all month. If you can't trust your devices, you face enormous danger.

CALEA II: Risks of wiretap modifications to endpoints