Types of Surveillance Technology Currently Used by ...
Upcoming SlideShare
Loading in...5

Types of Surveillance Technology Currently Used by ...






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Types of Surveillance Technology Currently Used by ... Types of Surveillance Technology Currently Used by ... Presentation Transcript

    • Types of Surveillance Technology Currently Used by Governments and Corporations Jeffrey Aresty President, Internetbar.org www.internetbar.org www.cyberspaceattorney.com March 2006
    • Introduction
      • At present, users obtain various online identities (“IDs”) from
        • E-mail
        • ISPs
        • URLs
      • IDs function on the Internet in anonymous space—an online “ID” does not actually identify the person connected with the ID
      • Anonymity facilitates theft, fraud, and abuse
    • Introduction
      • In contrast, in the works are efforts to create a new layer of identity
      • Focusing on the user, the new system would not require multiple online IDs, but would be characterized by a single sign-on
      • The system, called an “open security,” would be more secure and trustworthy, reducing theft, fraud, and abuse
    • Introduction
      • In part because we do not yet have security on line, governments and corporations can, and do, breach privacy with technology
      •  Intrusions fall into two categories
        •  Cyberspace intrusions
        •  Breaches of privacy in the physical world
      • Increasing capacity and tendency to use technology to connect new and old technologies for surveillance
    • Real-World Technologies that Intrude on Privacy
      • Cameras
      • Eavesdropping
      • Face-Recognition and other Biometrics
      • “ No Fly” and Similar Watch Lists
      • Odor Prints
      • Radiation Detection Technology
      • RFID
      • Smart Video Surveillance
    • Cameras
      • Cameras have been used for decades
        • by governments
          • to monitor traffic
          • to detect and prevent crime
        • by corporations
          • to surveill private businesses
          • to detect and prevent crime in retail establishments
    • Cameras
      • In Britain ,
        • more than four million closed-circuit (“CCTV”) cameras
        • 1,800 cameras in railway stations; 6,000 in underground train network and buses
        • CCTV tapes used in July 2005 London bombings investigation
      • In US ,
        • 5,000 cameras in New York City’s transportation systems
        • US Border Patrol uses Remote Video System (“RVS”) along borders, costing over $64 million in FY2005
      • Worldwide , video surveillance software sales in 2004 were $147 million; expected to reach $642 million in 2009
    • Eavesdropping
      • US government has capacity and authority to monitor e-mail, telephone, pager, wireless phone, facsimile, computer, and other electronic communications and communication devices
      • Court order is required except in emergencies and cases of national security
      • In 2003, 1,442 wiretaps requested, all granted, intercepting over four million conversations
    • Eavesdropping
      • National Security Agency (“NSA”) uses “Echelon”—global electronic eavesdropping system
        • Picks up telephone, e-mail, Internet upload 
        • Downloads communications transmitted by satellite, microwave tower, cable 
        • Information sifted by supercomputers for terrorism information 
        • Software-defined radio, a wireless technology, makes cell phones and computers easier to bug and m akes intercepting device compatible with networks
    • Face-Recognition and other Biometrics
      • Biometric devices scan, record, and recognize 
        • Irises
        • Voices
        • Facial bone structure 
      • Improved picture quality technology enables face-recognition software to inspect 1/400th of face—size of pores
      • Infrared technology piggybacked onto face-recognition software enables three-dimensional “map” of face 
      • Plans for US passports with face-recognition biometrics and RFID chips
      • EU requires member states to have face biometrics in passports in mid-2006
    • Face-Recognition and other Biometrics
      • In 2003, biometric face-recognition software resulted in over 40% false positives
      • $4.7 billion industry in 2009
      • Other biometrics: 
        • below-skin fingerprints (capture swirling patterns of capillaries)
        • palm scanners that read vein patterns
        • iris scanners
        • gait-recognition systems (measure torso’s silhouette and movement of shoulders and legs to determine individual signature strides)
    • “ No Fly” and Similar Watch Lists
      • In 2005, 12 separate lists maintained by nine US governmental agencies
      • Confusion and lack of leadership in maintenance of lists; some lists outdated
      • “List bloat”—lists become unreasonably large from incentive to add names, sloppiness
      • Innocent individuals’ names appear
    • “ No Fly” and Similar Watch Lists
      • Access to the lists curtailed in the name of security—nearly impossible to discover if and why a name is on the list, much less have it removed 
      • Lists will connect with government-developed “Secure Flight”
      • Related: British government pressing for creation of comprehensive electronic population register
    • Odor Prints
      • Odor-printing technology is based on premise that each human being has distinct set of odors that could serve as an identifier
    • Radiation Detection Technology
      • US Customs and Border Protection (“CBP”) employs radiation-detection technologies at official entry points, including 
        • Highly sensitive personal radiation detectors
        • Radiation portal monitors
        • Hand-held radiation isotope identifiers
    • Radio Frequency Identification (“RFID”)
      • Tiny computer chips use electromagnetic energy in the form of radio waves to track things from a distance 
      • Nicknamed “spychips” 
      • Can travel through clothing, backpacks, briefcases, wallets, walls, and windows without obstruction, misorientation, or detection
      • RFID chips read and retain biometric information, such as fingerprints and photographs
    • Radio Frequency Identification (“RFID”)
      • The RFID tag , in use in 2005, contains 
        • Tiny silicon computer chip with unique ID number
        • Connected antenna
      • RFID tag is 
        • Thumbnail size
        • Affixed to plastic surface
        • Paper thin 
      • Can be embedded into clothing label, where it is virtually undetectable 
    • Radio Frequency Identification (“RFID”)
        • “ Passive” RFID tags do not have their own internal power source, but communicate when a reader seeks a signal from them
        • “ Active” or self-powered RFID tags have a battery attached and so can actively transmit information 
      • RFID reader emits radio waves, seeking out RFID tags
      • RFID easily integrates into existing database systems 
      • Electronic Product Code—every, single object on Earth will have its own unique ID number
    • Radio Frequency Identification (“RFID”)
      • By 2005 embedded in some
        • Worker uniforms
        • Employee and student ID badges
        • Toll transponders
        • Animals (pets and livestock)
        • Warehouse crates and pallets
        • Gasoline cards
        • Consumer products such as diapers and shampoo
        • Library books
        • Toll collection systems such as EZ-Pass
        • Keyless remote systems for cars
        • Keyless remote systems for garage door openers
    • Radio Frequency Identification (“RFID”)
      • Predicted to be embedded soon in 
        • Clothing
        • Passports
        • ATM cards
        • Vehicles
        • US postage stamps
        • Paintings
        • Beads
        • Nails
        • Wires
        • Cash
    • Radio Frequency Identification (“RFID”)
      • “ VeriChip”—glass capsule containing RFID device to be injected into human flesh for ID and payment purposes 
        • 60 persons in US had VeriChips at end of 2005
        • Also, injected into deceased victims of Hurricane Katrina
      • RFID is predicted to be used by
        • Retailers to price products according to customer’s purchase history and value to store
        • Pharmaceutical manufacturers on prescription medications
        • Banks to identify and profile customers who enter premises
        • Governments to
          • electronically frisk citizens at invisible checkpoints
          • track citizens in airports and border-crossing points
          • track mail sent from point to point through embedded postage stamps
          • track library materials
    • Smart Video Surveillance
      • Video surveillance combined with behavior-recognition software 
      • Uses computer to 
        • “Learn” what “normal” behavior is
        • Identify unusual activity, such as shifting in one’s seat on a bus
        • Work in conjunction with other technology such as facial-recognition systems
    • Privacy Intrusions in Cyberspace
      • Clickstream Data Analysis 
      • Cookies 
      • Man-in-the-Middle Attacks 
      • Pharming 
      • Phishing 
      • Spyware 
      • Voice Over Internet Protocols (VoIPs) 
      • Web Bugs
    • Clickstream Data Analysis
      • Logs of transactions recently performed on Internet computers, such as 
        • Addresses of computers that have made requests
        • Date and time
        • How computer’s services were used
        • Which page was visited prior to entrance into Website
        • How Website was exited 
      • Internet logs also called “Clickstreams” 
      • Can be used to prepare statistics about paths taken and not taken by Internet users
    • Cookies
      • Small file placed and stored on user’s computer by remote computer
      • Used to track information about how user moved about Website 
        • Which choices made
        • Which links clicked 
      • User visits same Website again and cookie, now written onto user’s computer, provides information about user’s last visit 
      • Cookies can be used to build user profiles 
      • Internet sites share cookie information with others
    • Man-in-the-Middle Attacks
      • Computer security breach in which hacker intercepts, reads, and alters data traveling along network between two Websites 
      • Also called “TCP hijacking”
    • Pharming
      • Hacker’s redirection of Internet traffic from one Website to another
      • Second Website appears identical to legitimate site
      • User is tricked into entering user name and password into fake site 
      • “DNS poisoning” or “DNS cache poisoning” used to reroute user
      • Domain name system’s servers corrupted
    • Phishing
      • Internet user receives e-mail appearing to be legitimate and from reputable company, asking user to reply with updated credit card information
      • Clicking on link sends user to fake Website, where user provides
        • Credit card information
        • Date of birth
        • Address
        • Site password
        • Social Security number  
      • Also called “brand spoofing” 
      • “ Puddle phishing” is phishing specifically targeting a small company, such as community bank
    • Spyware
      • Software that sends data about user when computer is connected to the Internet
    • Voice Over Internet Protocols (VoIPs)
      • Method for speaking through computer by phone or microphone 
        • Analog voice signal converts to digital format
        • Broadband networks transmit calls in Internet Protocol (“IP”) packets 
      • Also called Internet telephony 
      • VoIP vulnerable to eavesdropping
        • A free Internet program captures and converts transmissions to audio files
    • Voice Over Internet Protocols (VoIPs)
      • Is VoIP a communications service or information service? 
      • In 2005, FCC adopted rules requiring VoIP providers to allow law enforcement to tap into Internet phone calls 
      • FBI has authority and ability to conduct surveillance of broadband users pursuant to court order
    • Web Bugs
      • Tiny, invisible image or graphic embedded into HTML-formatted Website or e-mail message to track users’ activities 
      • Web bugs present as HTML IMG tags 
      • Provide Website owner with information about hits, including
        • IP address of user’s computer
        • Type of browser used
        • Time of the hit
        • Previously set cookies 
      • Also called “HTML bugs” or “clear GIFs”
    • Connectors of Information
      • Automated Targeting System
      • Automatic Number Plate Recognition System  
      • CALEA Petition for Rulemaking  
      • Data Mining  
      • ID Cards  
      • Integrated Automated Fingerprint Identification System
      • Multistate Anti-Terrorism Information Exchange
      • “ Secure Flight” and other Targeting Systems  
      • Sharing/Databases  
      • Terrorist Screening Database of the Terrorist Screening Center
      • Total Information Awareness  
      • US-VISIT
    • Automated Targeting System (“ATS”)
      • US Customs and Border Protection technology collects and analyzes cargo shipping data 
      • Distinguishes and identifies high-risk shipments
    • Automatic Number Plate Recognition System (“ANPR”)
      • Britain’s national database
      • Each camera on a pole or in police van is supported by a computer 
      • Allows for automatic tracking
      • Information obtained by camera immediately cross-referenced with database 
      • In 2006, information could be stored for two years; projected to be able to store for five years
    • CALEA Petition for Rulemaking
      • In August 2005, FCC ruled that Internet broadband access providers and certain VoIP service providers must design networks to be wiretap-friendly pursuant to Communications Assistance for Law Enforcement Act (CALEA) of 1994
    • Data Mining
      • Computer systems that search numerous databases for correlations between data 
      • Currently used by corporations to determine consumer preferences
    • ID Cards
      • Biometric ID cards to be issued starting in 2008 to voluntary participants in Britain would become compulsory in 2013 
      • Cards contain 
        • Name
        • Gender
        • Date and place of birth
        • Current and previous addresses
        • Immigration status
        • Chip containing 
          • Digital photo
          • Fingerprints
          • Iris scans
    • Integrated Automated Fingerprint Identification System (“IAFIS”)
      • System electronically compares live-scanned fingerprint with database of previously captured fingerprints
    • Multistate Anti-Terrorism Information Exchange (“MATRIX”)
      • Integration of factual, disparate data from existing sources to Web-enabled storage systems to identify and combat criminal activity 
      • Includes 
        • Aircraft and other property ownership records
        • Bankruptcy filings
        • Corporate filings
        • Criminal history records
        • Digital photographs
        • Driver’s and pilot’s licenses
        • State professional licenses
        • State sexual offenders lists
        • Terrorism watch lists
        • UCC filings
        • Vehicle registrations
    • “ Secure Flight” and other Targeting Systems
      • Secure Flight passenger-screening program 
        • Computer-assisted passenger screening system that searches databases, matches passenger against FBI consolidated watch list, and rates passenger with a “threat level” in red, yellow, or green 
        • Based on tagging, passengers could be scrutinized, interrogated, or detained 
        • Might incorporate behavioral profiling 
        • Goal is to link in real time to video images—automatic link between video of terrorist suspect and watch list
        • Not yet approved in mid-2005
    • “ Secure Flight” and other Targeting Systems
      • Border Patrol Targeting Systems Enhancement
        • Over $20 million budgeted in US Department of Homeland Security in 2005
        • Seeks to develop and refine automated target recognition systems using latest sensor technology 
      • Semantic Information Fusion  
        • Seeks to correlate disparate data about human targets, including
          • Location
          • Identity
          • Behavior 
        • Creates composite description of a particular situation
        • Uses linguistic information and physics-based models of access, mobility, and visibility to reconstruct past and infer current events
    • Sharing/Databases
      • Governments increasingly share citizens’ personal information with each other and with the private sector 
      • “Data . . . are tributaries flowing into one giant river of databases.” Lee Tien, Electronic Frontier Foundation (Aug. 8, 2005)
    • Terrorist Screening Database (“TSDB”) of the Terrorist Screening Center (“TSC”)
      • Aggregates numerous government watch-lists 
      • In 2005, TSDB had over 200,000 names, ranging from known terrorists to persons suspected of having some ties to terrorism 
      • Each name receives one of 28 codes, describing person’s connection to terrorism
      • Names are categorized according to the actions users should take when encountering someone on list
    • Total Information Awareness (“TIA”)
      • Computer surveillance system proposed by Department of Defense  
      • Would have used data mining and networking to connect sources of information including 
        • Credit card purchases
        • Bank transactions
        • E-mail 
      • Shut down by Congress in 2003
    • US-VISIT
      • Project of US Department of Homeland Security to develop biometric-enabled system for collecting, maintaining, and exchanging information on foreign nationals 
      • $340 million budgeted for FY2005
    • Conclusion
      • Government and corporations are using many technologies for surveillance, invading privacy in cyberspace and in the real world
      • Do citizens and consumers care?
      • What can we do to protect our privacy and to manage our digital identities and digital reputations?
    • For more information
      • Contact Jeffrey Aresty, President, Internetbar.org, [email_address]
      • Articles on privacy-invading technologies and public attitudes toward privacy invasions are available now
      • Article on digital identity will be available soon