Researchers at Carnegie Mellon have come up with this new IoT Assistant app (available for both iOS and Android) that will supposedly inform you about what Internet-connected smart devices are around you at any point in time, and what kind of information they might be collecting.
“Because of new laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), people need to be informed about what data is collected about them and they need to be given some choices over these processes,” says Professor Norman Sadeh, a CyLab faculty member in Carnegie Mellon’s Institute for Software Research and the principal investigator on the project. “We have built an infrastructure that enables owners of IoT technologies to comply with these laws, and an app that takes advantage of this infrastructure to empower people to find out about and control data collected by these technologies.”
I've downloaded the app myself, and I plan on adding my own smart home devices to their database, just to see what I can find. I don't know how well it will actually work, but I'm certainly intrigued by the idea.
New infrastructure will enhance privacy in today’s Internet of Things [Daniel Tkacik / CyLab, the Carnegie Mellon University Security and Privacy Institute]
Anyone who’s visited France or who keeps track of the nation's doings through the news knows that it’s a nation that’ll put up with a lot of bullshit -- being overrun by tourists, loud talkers, or smiling at strangers -- provided said bullshit doesn’t infringe on the quality of its citizens' lives. The Paris government is arguing that excessively loud vehicles fall on the infringement list. At first blush, it looks like they're trying to do something about it.
Parisians with powerful cars might want to think carefully before showing off their rides. Parts of the city (most recently the suburb of Villeneuve-le-Roi) are testing a "noise radar" system from Bruitparif that can pinpoint loud vehicles and, eventually, ticket them. The system uses four microphones to triangulate the origins of a sound and link it with CCTV footage to pinpoint whoever's making the racket.
Just shy of 40 of the devices are in use so far, primarily near bars in Paris' entertainment regions as well as 17 around major buildings.
It sounds like a great idea, but I suspect that there might be something greasy going on here. The technology being put into use sounds suspiciously similar to the gunshot locator systems manufactured by ShotSpotter and a few other tech firms. ShotSpotter’s website provides a basic lesson on how the technology works:
Acoustic sensors are strategically placed in a coverage area. When a gun is fired, the sensors detect shots fired. Audio triangulation pinpoints gunfire location and machine-learning algorithms analyze the sound.
Trump Administration wants Congress to bring N.S.A.’s deactivated Call Records program back to life.
The National Security Agency is reportedly considering ending the mass surveillance program that gathered data about hundreds of millions of telephone call records each year, including ones by Americans.
Since 2001, the NSA has secretly ingested the calling records of virtually every US mobile phone subscriber, with the covert participation of the mobile carriers; the program -- authorized by a secret order of then-president GW Bush -- remained secret until it was disclosed through documents provided to journalists by the whistleblower Edward Snowden.
It's getting more difficult with every passing day to keep from being spied upon by nefarious tools interested in getting their hands on your personal information, creeping on what you're browsing on your laptop or phone and, if you've not bothered to cover up that webcam, keeping tabs on your life as they stream images of your day-to-day doings across the Internet. Thanks to a group of computer-savvy scientists, it looks like there may soon be one more monitoring method that we'll have to watch out for.
From Ars Technica:
Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia": a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."
Synesthesia, at its core, is pretty much just Van Eck phreaking with a twist. Where Van Eck phreaking typically uses radio signals leaking from display hardware to snoop on what a computer user's perusing, Synesthesia listens for aural emissions from the bits and pieces that are required to power a display. Depending on what you're looking at on your computer's screen, the power being sent out to drive each pixel ramps up or down. This changes the pitch of power running through the display's guts. By capturing this audio for review, using the microphone built into the device or a nearby device like an Amazon Echo or other digital assistant-enabled device (never let one in your house), it's very possible that a hacker could sort out what you were looking at with a bit of skill and a whole lot of machine learning.
If someone has been trashing your Detroit gas station for an hour, and cops still haven't responded, chances are your business hasn't enrolled in Project Green Light.
Internet traffic nowadays is mostly encrypted (“HTTPS”). Thus, for a few years now, Law Enforcement Agencies (LEA) have been facing far more challenges in gathering data through the interception of connections than they used to.
The Snoopers Charter, an extreme surveillance bill, passed last week; it's the most extensive domestic spying regime that any "democratic" country has passed, and is a potential blueprint for Orwellian surveillance elsewhere in the years to come.
Geofeedia bills itself as a way for marketers to reach potential customers through geotagged "hashtag listening," but they also sell it to police departments for "predicting, analyzing and acting on social media conversations," like, say, peaceful protests.
America paid about $16 billion to five companies last year for 80% of our contracted domestic and international surveillance: Leidos Holdings, CSRA Inc., SAIC, CACI International, and Booz Allen Hamilton, recently in the news following an employee arrest on cyberweapons theft charges.
Tim Shorrock at The Nation did the legwork to come up with the numbers.
“The problem with just five companies providing the lion’s share of contractors is that the client, the U.S. government, won’t have much alternative when a company screws up,” says David Isenberg, the author of Shadow Force: Private Security Contractors in Iraq. [...] “There comes a point when the marketplace is so concentrated that the service provider simply becomes too big to fail, no matter how lousy their performance,” says Isenberg, who closely monitors the privatization of national-security work. “If that makes you think of the financial-services industry, well, that’s exactly what I’m talking about.”
• 5 Corporations Now Dominate Our Privatized Intelligence Industry (The Nation)
Image: Thomas Tolkein
The Intercept has obtained a secret government catalog that law enforcement agencies use to source even-more-secret cellular spying devices, mostly variants on the