
The Technology of Government Surveillance And Invasion of Privacy


eric-hull

Presentation Transcript


  1. The Technology of Government Surveillance And Invasion of Privacy

  2. Technological Risks to Privacy: The Virtual World

  3. ISP Data Collection
     • New York Times, 2006: “The Justice Department is asking Internet companies to keep records on the Web-surfing activities of their customers to aid law enforcement, and may propose legislation to force them to do so.” (link)
     • Wired surveyed ISPs in 2007 – the majority never responded to their questions, or had “no comment”

  4. ISP “Blunders”
     • Ars Technica February 2008: “A classified report written by the Office of the Inspector General (OIG) that was obtained by the [...] EFF through a [...] FOIA lawsuit reveals that an unnamed Internet service provider gave federal law enforcement agents access to e-mail records for an entire domain even though the Foreign Intelligence Surveillance Court had only authorized surveillance of a single address from the domain.” (link)

  5. Sniffing the Wire
     • Browsing to www.gmail.com from Rutgers puts your data on a path that passes through at least 18 hosts.
     • Any one of those hosts could be monitoring your browsing habits, or sending data to an unknown third party.

  6. Sniffing the Wire and Encryption
     • Even with encryption, large amounts of personal data are transmitted in the (relative) clear over the network.
     • Even using SSL/HTTPS, every URL that you request is transmitted in the clear.
     • A detailed personal browsing history could be established remotely even with “secure” communications.

  7. Carrier-side Cellular Interception
     • Faith is put in your cellular carrier to protect your personal information.
     • Wired, March 2008: “A U.S. government office in Quantico, Virginia, has direct, high-speed access to a major wireless carrier's systems, exposing customers' voice calls, data packets and physical movements to uncontrolled surveillance, according to a computer security consultant who says he worked for the carrier in late 2003.” (link)

  8. Protecting Yourself - Proxies
     • Users can make use of an anonymous web proxy, a server that requests web pages on your behalf and protects your IP address from being discovered upstream.
     • Increasingly difficult to find – fewer and fewer still alive.
     • This relies on trust of the proxy server to actually be anonymous.

  9. Protecting Yourself - Encryption
     • Encrypt all email communications using a tool such as GPG.
     • Encrypt Instant Messaging conversations using a tool such as Pidgin Off-The-Record. IM is especially easy to intercept.
     • Whenever possible, use web sites that offer an encrypted (SSL/HTTPS) connection.

  10. Protecting Yourself – OS Security
      • Government-run spyware in Germany (link)
      • Use an operating system that is less prone to spyware (Mac, Linux, Unix).
      • Use a “trusted” or “secure” operating system – Solaris/Trusted Solaris, SELinux, NSA Linux.

  11. Protecting Yourself – Separate OSs
      • Use separate operating system installations for web browsing and work with personal data.
      • Use a separate virtualized operating system for non-sensitive tasks (VMware, VirtualBox, etc.).
      • Use a known secure operating system when using public computers, such as an Ubuntu LiveCD or USB drive.

  12. Did you know?
      • Google is considered to be among the most privacy-conscious search engines.
      • Google stores your detailed, non-anonymous browsing history for 18-24 months (link)
      • Google Privacy Policy: “We offer some of our services in connection with other web sites. Personal information that you provide to those sites may be sent to Google in order to deliver the service.” (link)
      • Facebook is among the least privacy-conscious sites (now-defunct Facebook Beacon).

  13. Technological Risks to Privacy: The Physical World

  14. Wireless Network Interception
      • Wireless networks are NOT secure.
      • WEP can be cracked in under 60 seconds (link). This was even publicly demonstrated by two FBI agents.
      • The more secure encryption methods, WPA and WPA2, can still be cracked in minutes (link to commercial product).

  15. Cellular and Bluetooth
      • Encryption on GSM cellular conversations (more secure than Verizon's CDMA) can be cracked in 30 minutes with personal computers, and 30 seconds with more advanced hardware (link).
      • Bluetooth has a range of > 30 feet. Not only can conversations be recorded, but data such as address books, call history and calendars can be obtained. (video)

  16. RFID
      • New Hitachi chip is smallest RFID tag yet; encoded with a globally unique, non-alterable ID.
      • An item tagged with such a passive RFID chip could be tracked from manufacture through final sale – possession of a tagged item could easily reveal where and when it was purchased.

  17. How to Protect Yourself
      • Keep sensitive information off of wireless networks (banking, credit cards, etc.).
      • Set up WPA and MAC filtering with strong passwords. Hide your SSID.
      • TURN OFF Bluetooth when in public, especially in crowded buildings and areas such as train stations.
      • Be aware of products that contain RFID chips.

  18. van Eck Attacks
      • All computers release spurious RF emissions; CRT monitors release especially large amounts.
      • These emissions can be captured. With the right equipment, a technician in a van across the street from your house could reconstruct the entire image on your screen.

  19. van Eck Attack from 25 meters away

  20. Is A Ballot Really Secret?
      • Dutch voting machines banned after successful van Eck attack.
