
How London cops use social media to spy on protest movements

Juha sez, "If you're going to build a protest movement, it might be better to stay off Facebook and Twitter because the cops are fully tuned into social media these days. The Open Source Intelligence Unit at London's Metropolitan Police Service has a staff of seventeen who work seven days a week - to track social media feedback and to monitor community tension. Having a sense of humour and understanding of slang gives humans the edge over social media surveillance software, UK cops reckon. The British cops are worried about 4G mobile broadband though because it'll generate much more data such as video."

The unit monitored some 32 million social media articles during the Olympics, with 10,300 tweets being posted every second during the opening ceremony.

“Companies will tell you that sentiment analysis from a piece of software is about 56 percent accurate … we would say it's lower, because it doesn’t pick up humour or slang,” Ertogral said.

In addition to looking at trends, he said the unit was also exploring association to establish influencers, particularly for protest movements.

“So we’re trying to build friend lists on Facebook, who’s connected to who, who are the influencers out there etc.”

Police tap social media in wake of London attack [Charis Palmer/IT News]

(Thanks, Juha!)

Privacy, public health and the moral hazard of surveillance

My new Guardian column, "Privacy, public health and the moral hazard of surveillance," discusses the way that governments' reliance on social networks for intelligence purposes means that they can't intervene to help their populations get better at trading their privacy for services.

That's a crisis. If online oversharing is a public health problem, then the state's decision to harness it for its own purposes means that huge, powerful forces within government will come to depend on oversharing. It will be vital to their jobs – their pay-packets will literally depend on your inability to gauge the appropriateness of your online disclosure.

They will be on the same side as the companies that profit from oversharing, because they will, effectively, be just another firm that benefits from oversharing.

It's as though Scotland Yard decreed that obesity was critical to its ability to catch slow-moving, easily winded suspects. It's as though the NHS announced it would cope with the expense of an aging population by encouraging chain-smoking. The dangers of oversharing are hard enough to manage when it's just the private sector that benefits from them.

Privacy, public health and the moral hazard of surveillance

Utah wants to tax power consumed by the NSA's massive, illegal data-processing facility

Remember the gigantic data-center that the NSA is building in Utah in order to (illegally) process the electronic communications of the whole world? Turns out that the state of Utah plans on taxing the titanic amounts of electricity it will consume at 6%. The NSA is pissed.

"We are quite concerned [about] this," Harvey Davis, NSA director of installations and logistics, wrote in the April 26 email, obtained through a Utah open records law request.

In a follow-up email Davis sent 31 minutes later, he explained: "The long and short of it is: Long-term stability in the utility rates was a major factor in Utah being selected as our site for our $1.5 billion construction at Camp Williams. HB325 runs counter to what we expected."

HB325, which Herbert signed into law April 1, benefits the Utah Military Installation Development Authority (MIDA). It allows the entity, which was set up to put select military properties on the public tax rolls, to collect a tax of up to 6 percent on Rocky Mountain Power electricity used by the Utah Data Center.

In surprise to NSA, Utah Data Center may pay tax on electricity [Nate Carlisle/The Salt Lake Tribune]

(via /.)

Internet of Things and surveillance

Bruce Schneier's got smart things to say about surveillance in the age of the Internet of Things:

In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days -- and night -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will all be saved, correlated, and studied. Even now, it feels a lot like science fiction.

Will you know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies -- and many others -- correlated, and then bought and sold without your knowledge or consent. You'd think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who don't pay for the privilege -- or don't work for the government and have the ability to demand the data. Power is what matters here: you'll be able to keep the powerless from invading your privacy, but you'll have no ability to prevent the powerful from doing it again and again.

Surveillance and the Internet of Things

Computer scientists to FBI: don't require all our devices to have backdoors for spies

In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem -- through much of the 1990s, AT&T's CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company's switches to listen in on the highest levels of government.

But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility -- it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you've captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software.

As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn't matter if you trust the government not to abuse this power (though, for the record, I don't -- especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) -- deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:

Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.

Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system.

Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.

Felten's remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI's proposal. It's an important read -- maybe the most important thing you'll read all month. If you can't trust your devices, you face enormous danger.

CALEA II: Risks of wiretap modifications to endpoints

Former FBI counterterrorism agent implies that US records all US phone calls


Glenn Greenwald notes the alarming revelation from a CNN Out Front interview between host Erin Burnett and Tim Clemente, "a former FBI counterterrorism agent," where Clemente claimed that the FBI had access to recordings of every phone call made in America:

BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It's not a voice mail. It's just a conversation. There's no way they actually can find out what happened, right, unless she tells them?

CLEMENTE: No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It's not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out.

BURNETT: So they can actually get that? People are saying, look, that is incredible.

CLEMENTE: No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not.

Are all telephone calls recorded and accessible to the US government? (via /.)

Why "connecting the dots" is the wrong way to think about stopping terrorism


Bruce Schneier has a great op-ed on CNN on why it's stupid to talk about whether the FBI should have "connected the dots" on the Boston bomber. As Bruce points out, it's only in hindsight that there's a neat trail of dots to connect, a narrative we can make sense of. Before the fact, it's a hairy, swirling hotchpotch of mostly irrelevancies, and it's only the "narrative fallacy" that makes it seem like a neat story in retrospect. The risk here is that intelligence agencies and the press will push this fallacy as grounds for taking away more rights and more privacy in order to "connect the dots" next time.

Rather than thinking of intelligence as a simple connect-the-dots picture, think of it as a million unnumbered pictures superimposed on top of each other. Or a random-dot stereogram. Is it a sailboat, a puppy, two guys with pressure-cooker bombs or just an unintelligible mess of dots? You try to figure it out.

It's not a matter of not enough data, either.

Piling more data onto the mix makes it harder, not easier. The best way to think of it is a needle-in-a-haystack problem; the last thing you want to do is increase the amount of hay you have to search through.

The television show "Person of Interest" is fiction, not fact.

There's a name for this sort of logical fallacy: hindsight bias.

Why FBI and CIA didn't connect the dots (Thanks, Bruce!)

(Image: connect-the-dots, a Creative Commons Attribution Share-Alike (2.0) image from whitneywaller's photostream)

CISPA is not dead! It's coming back -- get ready!


Evan from Fight for the Future sez, "All of your phone calls, emails, petition signatures, and tweets are working. The privacy-killing back-from-the-dead zombie bill CISPA is a bit stalled in the Senate, with over $605 million in lobbying spent on it already, it's bound to be back to haunt us in some form soon. So we made an infographic to get everyone up to speed. This Spring, we'll be organizing the largest online privacy protest in history, to send this bill back where it belongs. Join us?"


Why do governments get Internet surveillance so wrong?


The UK Open Rights Group has just published "Why the Snoopers’ Charter is the wrong approach: A call for targeted and accountable investigatory powers," a digital paper on why and how governments go terribly wrong with Internet surveillance proposals, and what a reasonable and accountable form of surveillance would look like. Jim Killock from ORG sez,

After the Snoopers' Charter debacle, the Open Rights Group asks why intrusive new laws are being suggested, if they are needed at all and what the alternatives are. Some of the UK's most prominent surveillance experts examine the history of UK surveillance law and the challenges posed by the explosion of digital datasets. Contributors include journalist Duncan Campbell, legal expert Angela Patrick from Justice, Richard Clayton of Cambridge University Computer Labs and Peter Sommer, Visiting Professor at De Montfort University.

Digital Surveillance (Thanks, Jim!)

(Disclaimer: I am proud to have co-founded the Open Rights Group, and to volunteer on its advisory council)

CISPA is dead! (again) (for now)

After months of activist agitation and a crushing disappointment from the cowards in the House of Representatives, the US Senate has effectively killed CISPA, a sweeping Internet surveillance proposal. This is astoundingly great news! But CISPA died once before, and came back from the dead, and it will not likely stay dead this time around either. The price of liberty is eternal vigilance, etc etc etc:

Sen. Jay Rockefeller (D-WV), the chairman of the U.S. Senate Committee on Commerce, Science and Transportation, said in a statement on April 18 that CISPA's privacy protections are "insufficient."

A committee aide told ZDNet on Thursday that Rockefeller believes the Senate will not take up CISPA. The White House has also said the President won't sign the House bill.

Staff and senators are understood to be "drafting separate bills" that will maintain the cybersecurity information sharing while preserving civil liberties and privacy rights.

Rockefeller's comments are significant as he takes up the lead on the Commerce Committee, which will be the first branch of the Senate that will debate its own cybersecurity legislation.

Michelle Richardson, legislative counsel with the American Civil Liberties Union, told the publication she thinks CISPA is "dead for now," and said the Senate will "probably pick up where it left off last year."

CISPA 'dead' in Senate, privacy concerns cited [Zack Whittaker/ZDNet]

Snooper's Charter is dead! (for now)

Aw, yeah! The UK Communications Data Bill -- AKA the "Snooper's Charter," a sweeping, totalitarian universal Internet surveillance bill that the Conservative government had sworn to pass -- is dead! Yesterday, Nick Clegg, leader of the Liberal Democrats in Parliament, announced that his party would not support the bill, and effectively killed it. Though I've been bitterly disappointed with some of the terminal compromises the LibDems have made, this makes me grateful to have them in Parliament. The kind of universal surveillance proposed in the Snooper's Charter was broadly supported by the last Labour government, which radically expanded state surveillance powers, and by the Tories -- thank goodness for the LibDems mustering a scrap of backbone at last!

The only downside is that the Open Rights Group had a whole series of great "Professor Elemental" videos that used pointed, excellent humour to mock and undermine the bill and drum up opposition to it, and now that's all going to go to waste (I blogged episode one yesterday).

Aw, who'm I kidding? This kind of thing never stays dead.

The snooper's charter has reminded Nick Clegg, finally, he is a liberal

UK Home Office commissions a super villain-catching-machine from Prof. Elemental

In this startling debut episode, the renowned Professor Elemental receives a commission from the government to build a marvellous snooping machine with which to catch the badduns. The Home Secretary has the right man for the job -- with the good professor's marvellous device, the Home Office will be able to spy on every communique that traverses the British Information Superhighway!

(It's all about the Snooper's Charter, the barmy UK legislative proposal to give nearly unlimited snooping powers to the government and police, and this video is courtesy of the good people at the Open Rights Group.)

Professor Elemental build a Great Machine for Catching Villains Chapter One (Thanks, Jim!)

UK ISPs betray customers, collaborate on government surveillance

Britain's Communications Data Bill -- AKA the Snooper's Charter -- would effectively eliminate private communications in the UK, giving government and the police the power to spy on virtually everything you do online (which is rapidly merging with everything you do, full stop). The major ISPs in the UK have apparently been turned to the government's cause, and have been quietly supporting the bill, which strips their customers of any semblance of privacy.

The government defends this proposal by saying that they're not intercepting "messages," only "envelopes." That is, they'll get the subject lines, social graph data, who is talking, where, how often, and who replies, how long the messages are, and so on. I like to imagine Alan Turing taking this approach to informational significance: "Mr Churchill, I'm sorry, there's no point in what you're asking us to do: all we can decode from the Nazis is who is sending messages, who receives them, what they're about, where they're sent from, how often they're sent, and how long they are. Nothing compromising." (Then I imagine the ghost of Turing haunting Home Secretary Theresa May, who claims that none of that kind of data compromises Britons' privacy).

In an open letter to the major ISPs, the Open Rights Group, Big Brother Watch, and Privacy International accuse the ISPs of entering into a conspiracy of silence on the surveillance system:

It has become clear that a critical component of the Communications Data Bill is that UK communication service providers will be required by law to create data they currently do not have any business purpose for, and store it for a period of 12 months.

Plainly, this crosses a line no democratic country has yet crossed – paying private companies to record what their customers are doing solely for the purposes of the state.

These proposals are not fit for purpose, which possibly explains why the Home Office is so keen to ensure they are not aired publicly.

There has been no public consultation, while on none of your websites is there any reference to these discussions. Meetings have been held behind closed doors as policy has been developed in secret, seemingly the same policy formulated several years ago despite widespread warnings from technical experts.

That your businesses appear willing to be co-opted as an arm of the state to monitor every single one of your customers is a dangerous step, exacerbated by your silence.

Consumers are increasingly concerned about their privacy, both in terms of how much data is collected about them and how securely that data is kept. Many businesses have made a virtue of respecting consumer privacy and ensuring safe and secure internet access.

Sadly, your customers have not had the opportunity to comment on these proposals. Indeed, were it not for civil society groups and the media, they would have no idea such a policy was being considered.

We believe this is a critical failure not only of Government, but a betrayal of your customers' interests. You appear to be engaged in a conspiracy of silence with the Home Office, the only concern being whether or not you will be able to recover your costs.

ISPs In ‘Conspiracy Of Silence’ With Government On Snooper’s Charter (via /.)

Prediction: success from Boston surveillance in bombing manhunt will lead to more spying everywhere

"The images captured in Boston are validation of a three-year project in St. Louis to link 150 surveillance cameras into a single security system throughout the city’s central corridor, from the riverfront to Forest Park," reports Doug Moore at stltoday.com. This despite a statement by Boston's police chief that the facial recognition technology system did not help find the suspects. How much you wanna bet the "surveillance imaging solved this crime" argument will lead to more forceful pushes for expanded surveillance imaging in any number of other American cities? (HT: @kgosztola) Xeni

CISPA: Congress wants to create unlimited Internet spying powers - KILL THIS BILL! KILL IT WITH FIRE!

CISPA is the latest Congressional proposal to do something unbelievably horrible with the Internet -- this time, it's letting US law enforcement and intelligence services raid all of your data, all the time, without letting you know, regardless of your service provider's privacy policy, in the name of preventing "cyberattacks," whatever they are.

It's about as horrible as it can be: the House Rules Committee won't even allow privacy-protecting amendments on the agenda; the bill's sponsor Rep. Mike Rogers dismisses people who oppose CISPA as 14-year-olds in their parents' basements; and a bunch of tech companies are lobbying in favor of CISPA because the bill cannily immunizes them from liability for firehosing your personal, sensitive information all over the place.

The sole bright light is this: the Obama White House has taken an uncharacteristically progressive stance on privacy this time around, and has threatened to veto the bill.

The Electronic Frontier Foundation is, as always, the best place to go to find things you can (and should, and MUST) do to kill this insane proposal.
