At least, that's what computers are reportedly doing on the streets in China.Chinese authorities have started using "gait recognition" software -- artificial intelligence that identifies people by their body shape and the way they walk -- for mass surveillance on the streets of Beijing and Shanghai, the Associated Press reported Tuesday.The tech can reportedly recognize people from up to 50 meters away, even if their face is hidden or their back is facing the camera.The software is reportedly provided by Chinese tech company Watrix.China is already using facial recognition in its increasing surveillance efforts.By 2020, the country plans to employ a nationwide social credit system to give every citizen a personal score based on their behavior.
It’s been over five years since NSA whistleblower Edward Snowden lifted the lid on government mass surveillance programs, revealing, in unprecedented detail, quite how deep the rabbit hole goes thanks to the spread of commercial software and connectivity enabling a bottomless intelligence-gathering philosophy of ‘bag it all’.Government spying practices are perhaps more scrutinized, as a result of awkward questions about out-of-date legal oversight regimes.In the US, too, lawmakers elected to push aside controversy over a legal loophole that provides intelligence agencies with a means for the warrantless surveillance of American citizens — re-stamping Section 702 of FISA for another six [email protected] IDing the GRU agents who poisoned the Skripals or Turkish surveillance leaking graphic details of Khashoggi's fate — keep reminding me of this piece I wrote 5yrs ago— Natasha (@riptari) October 18, 2018With attention to detail, good connections (in all senses) and the application of digital forensics all sorts of discrete data dots can be linked — enabling official narratives to be interrogated and unpicked with technology-fuelled speed.
In a set of rulings today, the European Court of Human Rights found that the mass surveillance scheme used by the GCHQ—the United Kingdom's signals intelligence agency—violated the European Convention on Human Rights (ECHR), unlawfully intruding on the private and family life and freedom of expression of British and European citizens.The Court found that sharing intelligence information gathered from bulk surveillance—as GCHQ does with the NSA and other members of the "Five Eyes" intelligence and security alliance—does not violate the human rights charter.But the judges did warn that using such intelligence sharing to bypass restrictions on surveillance of a member state's own citizens would be a violation of the charter.In the ruling, the judges found that there was insufficient oversight through the UK's Investigatory Powers Tribunal (the UK equivalent of the US' Foreign Intelligence Surveillance Court) over the UK's bulk interception, filtering, and search of communications by the GCHQ.The judges also found that there were insufficient safeguards put in place to govern access to communications data.While the case has no direct impact on US intelligence gathering, the case could have a ripple effect because of the close connections between US and UK intelligence and law enforcement organizations.
Mass surveillance carried out by British intelligence agency GCHQ violated the European Convention on Human Rights, a court in Europe ruled Thursday.Judges from the European Court of Human Rights in Strasbourg, France, voted 5 to 2 that some aspects of the UK's surveillance activities violated people's right to a private life.These included indiscriminate "population-level" data collection, a lack of oversight in the collection process and the lack of safeguards to prevent the abuse of collected data.One activity the court decided wasn't illegal, however, was GCHQ's policy of sharing sensitive data with foreign governments.In its judgment, the court expressed particular concern over the ability of intelligence services to search and examine data that identifies senders and recipients of messages "apparently without restriction".The scope for unrestricted snooping "could be capable of painting an intimate picture of a person" through mapping of social networks and communication patterns, browsing and location tracking, and understanding who a person is interacting with, it said.
While both the bulk interception regime and the regime for obtaining communications data from communications service providers were deemed to have violated Article 10 of the Convention (the right to freedom of expression and information,) as the judges found there were insufficient safeguards in respect of confidential journalistic material.The complaints in this case were lodged prior to the UK legislating for a new surveillance regime, the 2016 Investigatory Powers Act, so in coming to a judgement the Chamber was considering the oversight regime at the time (and in the case of points 1 and 3 above that’s the Regulation of Investigatory Powers Act 2000).Nor is it the only UK surveillance legislation judged to fall foul on that front.A few years ago UK judges agreed with a similar legal challenge to emergency surveillance legislation that predates IPA — ruling in 2015 that DRIPA was unlawful under human rights law.Among the most controversial elements of the IPA is a requirement that communications service providers collect and retain logs on the web activity of the digital services accessed by all users for 12 months; state power to require a company to remove encryption, or limit the rollout of end-to-end encryption on a future service; and state powers to hack devices, networks and services, including bulk hacking on foreign soil.In April this shiny new surveillance regime was also dealt a blow in UK courts — with judges ordering the government to amend the legislation to narrow how and why retained metadata could be accessed, giving ministers a deadline of November 1 to make the necessary changes.
Senators Ron Wyden (D-OR) and Rand Paul (R-KY) have sent a letter [PDF] to the NSA's inspector general asking him to look into the agency's torching of metadata for hundreds of millions of phone calls."We write to request that you conduct an investigation into the circumstances surrounding, and any systemic problems that may have led to, the deletion by the National Security Agency (NSA) of certain call detail records (CDRs) collected from telecommunications service providers pursuant to Title V of the Foreign Intelligence Surveillance Act (FISA)," the letter begins.That deletion was announced back in June, one month after the spy agency revealed in a "statistical transparency report" [PDF] that it had collected 534 million call details in 2017, a tripling of the number from the previous year.The NSA blamed "technical irregularities" for the receipt and storing of an unspecified amount of phone call data, and said that, since it was not possible to discern between legitimately and illegally gathered details, it was going to "delete all CDRs acquired since 2015."Section 215 is particularly controversial, because despite the F in FISA standing for Foreign, it can and has been used to indiscriminately vacuum up metadata on people in the US, which arguably violates their Fourth Amendment protections against warrantless search.Stand up and be discounted
President Trump’s new Supreme Court nominee will face more scrutiny for his ideological leanings around issues like abortion than his thoughts on tech, but we do know a bit about the latter.On Monday, Trump nominated Brett Kavanaugh to fill the seat that opened when Justice Anthony Kennedy announced his retirement in late June.Kavanaugh, who previously clerked for Kennedy, was appointed to the Washington D.C.Circuit Court of Appeals in 2003 by former president George W. Bush and eventually confirmed in 2006.As future digital privacy cases wend their way toward the Supreme Court, Kavanaugh’s stated views on the NSA’s spying program could prove relevant.In 2015, Kavanaugh sided in favor of the NSA’s warrantless bulk collection of phone metadata, issuing strong support for the controversial practice and categorizing its collection as a “special need” that eclipses personal privacy concerns.
As well as reopening democratic debate around a controversial digital copyright reform proposal by voting against it being fast-tracked, MEPs have adopted a resolution calling for the suspension of the EU-US Privacy Shield.European citizens need a solution that is legally watertight!— Sophie in 't Veld (@SophieintVeld) July 5, 2018 Dataprotection: MEPs call for the suspension of the EU-US PrivacyShield if US fails to comply in full by 1 September in a resolution adopted today | @Claude_Moraes | Press release:— LIBE Committee Press (@EP_Justice) July 5, 2018The EU-US Privacy Shield is not yet two years old but has always been controversial, given the mass surveillance/Snowden disclosure-related reasons for the demise of its predecessor (Safe Harbor).
In March 2015, the American Civil Liberties Union filed a lawsuit challenging the constitutionality of a type of National Security Agency bulk monitoring known as "upstream" surveillance.But on Friday, a hearing over one such roadblock in Maryland district court could bring long-awaited progress.The Wikimedia Foundation, which the ACLU is representing along with cocounsel from the Knight First Amendment Institute and Cooley LLP, engages in more than a trillion communications per year with people around the world, and has hundreds of millions of visitors each month to Wikipedia.Now, the government is using a concept known as the “state secrets privilege,” which protects classified information from the discovery process in a lawsuit, to resist cooperating with Wikimedia's requests.As a result of these evasive tactics, the core constitutional issues of upstream surveillance remain unexamined."No public court has ever addressed the lawfulness of this surveillance," says Ashley Gorski, a staff attorney for the ACLU's National Security Project.
A U.S. citizen is reportedly captured on CCTV around 75 times per day.In the United Kingdom, this number is considerably greater, with your average Brit likely to be caught on surveillance cameras up to 300 times in the same period.But a lot of existing CCTV networks still rely on people to operate them.Researchers from the U.K.’s University of Cambridge and India’s National Institute of Technology and Institute of Science, Bangalore have published a new paper, describing a drone-based surveillance system, which uses UAVs as flying security cameras to keep an eye (or several) on large gatherings of people.The “Eye in the Sky” real-time drone surveillance system could be deployed at events like music festivals, marathons or other large gatherings, where it would be utilized to identify violent individuals — based on their aggressive posture — using the latest pattern recognition technology.Identifying attackers in real time
Letter to Bezos: 'We refuse to contribute to tools that violate human rights'Amazon workers have reportedly called on their bosses to stop selling facial recognition kit to cops and spies, and slammed its links to data analytics biz Palantir.Amid the tech industry's intense efforts to prove to the public that they are not corporate monsters, Washington DC publication The Hill has reported that Amazon staffers have taken their moral objections to top dog Jeff Bezos.The missive is the latest in a string of statements from tech bosses and underlings that condemn the US government's policy of separating children from their asylum-seeking parents at the country's borders – which President Donald Trump was forced to back down on after images of kids apparently held in chain-link cages were made public.In the letter, reportedly posted on Amazon's internal staff wiki, the employees – referring to themselves as *shudder* Amazonians – state that they should have a say in the work they do and how its products are used."We refuse to build the platform that powers [Immigration and Customs Enforcement], and we refuse to contribute to tools that violate human rights," the letter is reported to read.
In a letter addressed to Amazon CEO Jeff Bezos and posted on the company’s internal wiki, employees said that they “refuse to contribute to tools that violate human rights,” citing the mistreatment of refugees and immigrants by ICE and the targeting of black activists by law enforcement.The letter follows similar protests at Google and Microsoft.“As ethically concerned Amazonians, we demand a choice in what we build, and a say in how it is used,” says the letter, first reported by The Hill.“We will not let that happen again.”The employees call out two specific businesses that Amazon should end: the sale of facial recognition software to law enforcement (marketed as Amazon Web Services Rekognition), and the sale of AWS cloud services to Palantir (a data analytics firm that provides “mission critical” software to ICE).Amazon’s sale of Rekognition software to the police was first revealed by an ACLU investigation in May, with the civil liberties group warning that the deployment of the technology could be the beginning of automated mass surveillance in America.
In a vote late yesterday the Libe committee agreed the mechanism as it is currently being applied does not provide adequate protection for EU citizens’ personal information — emphasizing the need for better monitoring in light of the recent Facebook Cambridge Analytica scandal, after the company admitted in April that data on as many as 87 million users had been improperly passed to third parties in 2014 (including 2.7M EU citizens) .Facebook is one of the now 3,000+ organizations that have signed up to Privacy Shield to make it easier for them to shift EU users’ data to the US for processing.Although the Cambridge Analytica scandal pre-dates Privacy Shield — which was officially adopted in mid 2016, replacing the long-standing Safe Harbor arrangement (which was struck down by Europe’s top court in 2015, after a legal challenge that successfully argued that US government mass surveillance practices were undermining EU citizens’ fundamental rights).The EU also now has an updated data protection framework — the GDPR — which came into full force on May 25, and further tightens privacy protections around EU data.The Libe committee says it wants US authorities to act upon privacy scandals such as Facebook Cambridge Analytica debacle without delay — and, if needed, remove companies that have misused personal data from the Privacy Shield list.Despite a string of privacy scandals — some very recent, and a fresh FTC probe — Facebook remains on the Privacy Shield list; along with SCL Elections, an affiliate of Cambridge Analytica, which has claimed to be closing its businesses down in light of press around the scandal, yet which is apparently still certified to take people’s data out of the EU and provide it with ‘adequate protection’, per the Privacy Shield list…
The ACLU and other civil liberties campaigners said Amazon Rekognition could turn into a mass surveillance toolAmazon has defended its collaboration with US law enforcement agencies to set up face recognition systems, after civil liberties campaigners said the technology was “dangerous”.The company said new technologies should not be “outlawed” because “because some people could choose to abuse” it.In a letter sent to Amazon chief executive Jeff Bezos, the American Civil Liberties Union (ACLU) and other groups asked the firm to stop selling its Rekognition technology to law enforcement bodies.The documents detail Amazon’s work with the sheriff’s department of Washington County, in Oregon, and Orlando, Florida police to set up systems that automate the identification of individuals using its cloud-based software.Such systems can easily be abused, the ACLU argued, adding that Washington County and Orlando had declined to provide any documents on the rules governing how the technology can be used.
Apps for encrypted communications are now being used by criminals of all kinds, not just hackers, says the National Crime AgencyThe National Crime Agency (NCA) has listed encryption as one of the technologies making criminals’ jobs easier, as it makes it more difficult for law enforcement organisations to “collect intelligence and evidence”.In its annual National Strategic Assessment of Serious and Organised Crime 2018 report, the NCA said communications service providers had migrated to encrypted services ‘by default’ since 2010, a process that accelerated following Edward Snowden’s disclosures of mass surveillance in 2013.“Now, the majority of internet traffic is encrypted and publicly available mobile device apps offer end-to-end encryption as standard,” the report said.Widespread encryption “is impacting on law enforcement’s ability to collect intelligence and evidence”, the NCA said.NCA director general Lynne Owens said the report showed organised crime groups were increasingly taking advantage of digital technologies to carry out their activities.
Facebook’s lawyers are attempting to block a High Court decision in Ireland, where its international business is headquartered, to refer a long-running legal challenge to the bloc’s top court.The social media giant’s lawyers asked the court to stay the referral to the CJEU today, Reuters reports.Facebook is trying to appeal the referral by challenging Irish case law — and wants a stay granted in the meanwhile.The case relates to a complaint filed by privacy campaigner and lawyer Max Schrems regarding a transfer mechanism that’s currently used by thousands of companies to authorize flows of personal data on EU citizens to the US for processing.Though Schrems was actually challenging the use of so-called Standard Contractual Clauses (SCCs) by Facebook, specifically, when he updated an earlier complaint on the same core data transfer issue — which relates to US government mass surveillance practices, as revealed by the 2013 Snowden disclosures — with Ireland’s data watchdog.However the Irish Data Protection Commissioner decided to refer the issue to the High Court to consider the legality of SCCs as a whole.
In light of the Facebook data scandal, more people are beginning to challenge the web’s pervasive surveillance culture.The UK government broke EU law under the Data Retention and Investigatory Powers Act (DRIPA), the Court of Appeal ruled in January.The regime – colloquially known as the Snoopers’ Charter – had allowed public bodies to have access to the records of British citizens’ web activity and phone records, without any suspicion that a serious crime had been committed.The DRD had required communications service providers to retain subscriber data of their customer base for two years.But the CJEU declared that it seriously interfered with fundamental rights to privacy and data protection in a way that wasn’t strictly necessary.It works like this, according to the Home Office:
Facebook has confirmed what many of us have known for years: Cambridge Analytica was far from the only organization engaging in the wholesale hoarding of netizens' personal data via the social network.The Silicon Valley giant told America's financial watchdog, the SEC, on Thursday that it will probably reveal additional data-harvesting operations as it continues probing how outside developers accessed its website and what information they siphoned off in bulk.Don't forget, Facebook was more than happy to let third-party apps and tools connect to its services and extract people's personal information, provided punters clicked through user agreements they never had time to read.Now after years of letting companies chug from its firehose, Facebook is shocked – shocked – to discover that shady outfits were amassing folks' info via these APIs."Such incidents and activities may include the use of user data in a manner inconsistent with our terms or policies, the existence of false or undesirable user accounts, election interference, improper ad purchases, activities that threaten people’s safety on- or offline, or instances of spamming, scraping, or spreading misinformation."Facebook's inflection point: Now everyone knows this greedy mass surveillance operation for what it is
The UK government has suffered yet another defeat in the courts over a surveillance regime that critics have dubbed a ‘Snooper’s charter’.Today the UK High Court agreed with digital and civil rights group Liberty’s crowdfunded legal challenge to a portion of the UK’s 2016 Investigatory Powers Act that gives the state the power to mandate that communications companies and service providers collect and retain web activity logs, comms metadata and location information on all their users for a full 12 months.The provision for a blanket retention of citizens’ digital data — which can be accessed by a wide range of public bodies for all sorts of purposes — has always been controversial.Liberty’s challenge to this section of the IP Act included the fact the retained metadata could be accessed by dozens of public bodies without independent authorization by a court of independent agency; that the bar for accessing the data was merely “crime-fighting” rather than for “serious crime”; and also that the data could be accessed — using other powers in the IP Act — for various non-crime purposes, including collecting taxes and fines; and for regulating financial services.The court did not affirm one of Liberty’s other contentions, though — declining to find that Part 4 was unlawful on the grounds that it constituted “general and indiscriminate” retention of data.Liberty said it asked the High Court to refer questions of EU law to Europe’s top court – including the question of whether EU privacy laws apply to retention orders issued for national security purposes and whether retained data must be kept within the EU so it can be protected by EU privacy and data protection rules.
The Irish High Court has referred for a second time a legal challenge to Facebook’s EU-US data transfers to Europe’s top court, seeking a preliminary ruling on a series of fundamental questions pertaining to the clash between US mass surveillance law and EU citizens’ fundamental privacy rights.Schrems then updated his complaint, this time focusing exclusively on Facebook and addressing a secondary EU-US data transfer mechanism that’s still being used, called Standard Contractual Contracts (SCCs).SCCs are used by Facebook to transfer data between its European entity, Facebook Ireland, and Facebook USA — essentially via a contract in which Facebook USA pledges to follow EU privacy principles.The Irish High Court court issued an underlying judgement on the updated complaint last October, deciding to refer legal questions over this EU-US data transfer mechanism to Europe’s top court, as it had with Schrems’ original complaint.The court has backed the view that US government surveillance practices involve a mass processing of personal data.And this core legal clash is the Gordian knot that US tech giants — including Facebook — are now bound up with as a consequence of domestic surveillance law granting the US government swingeing rights to suck up data from “electronic communication service providers”.