i suppose i should read through everything in my feed reader before posting, but with close to 3000 unread items i wouldn’t be posting til the new year. so here is another article related to hyper-vigilant surveillance in the US. this one is from AlterNet:

Government Spying Goes Global
by Maureen Webb

The story which broke last week about a traveler risk scoring system called the Automated Targeting System, or “ATS,” evokes an image of an Orwellian world in which the State compiles a secret dossier on every individual and sorts the population according to secret criteria, assigning each person a “risk score.” The individual has no recourse to challenge his risk rating, and he has no way of correcting any false or incomplete information about him. In fact, he will never know what information is being used against him, or even the criteria on which he has been judged a risk to the State. It is a disturbing image, and the fact that the government has been conducting the ATS program in secret for four years has shocked many people. However, the ATS is hardly a surprise to those who have been keeping track of similar programs.

First, there was Total Information Awareness, or “TIA,” a program that was to data mine “the transaction space” in order to single out people who might be terrorists. Then there was the Multi-state Anti-terrorism Information Exchange, or “MATRIX,” which linked together state and commercial information and was probably a data-mining program. In a test run of their technology for government officials, its developers boasted that they had found 120,000 likely terrorists living in the United States. In the area of travel, the second-generation Computer Assisted Passenger Prescreening System, or “CAPPS II,” was to data mine airline and commercial information in order to score travelers as red, green or amber risks. Its successor program, “Secure Flight,” tried to do a similar thing. Then, in the area of telecommunications, there was the NSA program, secretly authorized by the President to data mine the telephone calls and emails of the American people.

All of these programs, except for the NSA’s, were ostensibly scrapped by the government or Congress. Americans thought TIA was just too creepy, states opted out of MATRIX in droves because it was so intrusive, the GAO said that CAPPS II was ineffective in identifying possible terrorists, and Secure Flight was killed after it was caught risk scoring, which Congress had expressly forbidden it to do. Each program never really went away. Instead, they were simply repackaged — or carried on in secret, like the ATS program.

Data mining is the use of computer algorithms to search masses of information for specified criteria. Risk scoring is a statistical rating on how closely an individual matches the criteria. The government is using these two techniques to sort through the masses of information it has been gathering and buying from private data aggregating companies since 9-11, in order to watch every transaction made by the American population, and populations outside the United States, all of the time. This is mass surveillance, and it’s global in scope. Domestic systems feed into global ones and global systems — like biometric passports, the sharing of airline reservation system information, the interception of international banking records, and the interception of global communications, to name a few — feed into the domestic.

The purpose of data mining is not to check individuals’ personal information against information about known terrorists, or those suspected of terrorism on “reasonable grounds” as they cross borders, send emails or access public services. The purpose of it is to predict who might be a terrorist — a little like the film “Minority Report,” in which officials stop criminal acts before they happen by reading people’s minds. However, the technology that is being used today falls far short of the technology of Hollywood fantasy.

First, the information on which data mining or risk scoring depend is often inaccurate, lacking context, dated, or incomplete. And like the ATS program, data mining and risk scoring programs never contain a mechanism by which individuals can correct, contextualize or object to the information that is being used against them, or even know what it is. Operating on a “preemption” principle, these systems are uninterested in this kind of precision. They would be bogged down if they were held to the ordinary standards of access, accuracy, and accountability. Secondly, the criteria used to sort masses of data will always be over-inclusive and mechanical. Data mining is like assessing guilt by “Google” key-word searches. And since these systems use broad markers for predicting terrorism, ethnic and religious profiling are endemic to them.

Welcome to the national insecurity state, where our virtual identities are continually assessed for the risk we pose to the state and the normal relationship between the individual and the state in democratic societies is turned on its head. Now, the individual answers to the state and woe betide the person who is branded with a high “risk score.”

In the circles i run in, security culture is a topic that creates such paranoia that it often drives people into a paralytic state. They become so worried that even their non-violent tactics will be reason for their incarceration, that they just don’t participate in any actions for social justice. Each of these people, i have chalked as victories for the forces of power and privilege.

While i hope that the following article won’t further drive people’s paranoia, i do hope it will serve to educate about the type of state that we are living in. And remember, the FBI no longer needs a warrant for such eavesdropping.

FBI taps cell phone mic as eavesdropping tool
from ZDNet

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone’s microphone and using it to eavesdrop on nearby conversations.

The technique is called a “roving bug,” and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the “roving bug” was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect’s cell phone.

Kaplan’s opinion said that the eavesdropping technique “functioned whether the phone was powered on or off.” Some handsets can’t be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department’s security office warns that “a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone.” An article in the Financial Times last year said mobile providers can “remotely install a piece of software on to any handset, without the owner’s knowledge, which will activate the microphone even when its owner is not making a call.”

Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. “They can be remotely accessed and made to transmit room audio all the time,” he said. “You can do that without having physical access to the phone.”

Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone–all without the owner knowing it happened. (The FBI declined to comment on Friday.)

“If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone,” Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

FBI’s physical bugs discovered
The FBI’s Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family. They did have a confidential source who reported the suspects met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged.

But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible.

That led the FBI to resort to “roving bugs,” first of Ardito’s Nextel handset and then of Peluso’s. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to “be advised of the locations” of the suspects when their conversations were recorded.

Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a “listening device placed in the cellular telephone.” That phrase could refer to software or hardware.

One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone.

“They had to have physical possession of the phone to do it,” Porteous said. “There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by.”

But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere “within the United States”–in other words, outside the range of a nearby FBI agent armed with a radio receiver.

In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. And Kolodner’s affidavit seeking a court order lists Ardito’s phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted.

A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activiation method. “A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug,” the article said, “enabling them to be activated at a later date to pick up sounds even when the receiver is down.”

For its part, Nextel said through spokesman Travis Sowders: “We’re not aware of this investigation, and we weren’t asked to participate.”

Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it “works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible.”

A Motorola representative said that “your best source in this case would be the FBI itself.” Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment.
Mobsters: The surveillance vanguard
This isn’t the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters.

In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data.

So with a judge’s approval, FBI agents repeatedly snuck into Scarfo’s business to plant a keystroke logger and monitor its output.

Like Ardito’s lawyers, Scarfo’s defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used. Also like Ardito, Scarfo’s lawyers lost when a judge ruled in January 2002 that the evidence was admissible.

This week, Judge Kaplan in the southern district of New York concluded that the “roving bugs” were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn’t work.

The FBI’s “applications made a sufficient case for electronic surveillance,” Kaplan wrote. “They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance.”

Bill Stollhans, president of the Private Investigators Association of Virginia, said such a technique would be legally reserved for police armed with court orders, not private investigators.

There is “no law that would allow me as a private investigator to use that type of technique,” he said. “That is exclusively for law enforcement. It is not allowable or not legal in the private sector. No client of mine can ask me to overhear telephone or strictly oral conversations.”

Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors’ OnStar to snoop on passengers’ conversations.

When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored.

Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who write a Trojan horse that secretly activated a computer’s video camera and forwarded him the recordings.