IMF: Credit Scores Should be Based on Browsing History

As if reality couldn’t be more dystopian, researchers for the International Monetary Fund proposed that credit scores should include data from peoples’ browsing, search, and purchase history.

Citing soft-data points like “the type of browser and hardware used to access the internet, the history of online searches and purchases” that could be incorporated into evaluating a borrower, the researchers believe that when a lender has a more intimate relationship with the potential client’s history, they might be more willing to cut them some slack.

What an insane, stupid idea. Too poor to afford a Mac? Sorry! Your credit score won’t be rising above 600.

Worried if You Were Infected by Pegasus? This Tool Can Help

This week, a strain of malware known as Pegasus from NSO Group has been making headlines. It’s used by governments to target journalists, activists, and other people deemed dissidents. But there is a tool that could detect it.

MVT will let you take an entire iPhone backup (or a full system dump if you jailbreak your phone) and feed in for any indicators of compromise (IOCs) known to be used by NSO to deliver Pegasus, such as domain names used in NSO’s infrastructure that might be sent by text message or email.

Court Finds NSA Collects Innocent Americans’ Data Anyway

The Foreign Intelligence Surveillance Court (FISC) found that the NSA doesn’t follow the law and collections the data of innocent Americans. This is according to a recently declassified document [PDF] from November 2020.

From where we sit, it seems clear that the FISC continues to suffer from a massive case of national security constitutional-itis. That is the affliction (not really, we made it up) where ordinarily careful judges sworn to defend the Constitution effectively ignore the flagrant Fourth Amendment violations that occur when the NSA, FBI, (and to a lesser extent, the CIA, and NCTC) misuse the justification of national security to spy on Americans en mass.

US Court Rules NSA Mass Surveillance Program Illegal

Seven years after NSA whistleblower Edward Snowden exposed the agency’s mass surveillance of Americans, a U.S. appeals court has deemed it illegal.

The ruling will not affect the convictions of Moalin and his fellow defendants; the court ruled the illegal surveillance did not taint the evidence introduced at their trial. Nevertheless, watchdog groups including the American Civil Liberties Union, which helped bring the case to appeal, welcomed the judges’ verdict on the NSA’s spy program.

Secret Service Purchased ‘Location X’ Product to Track Phones

A Secret Service document reveals the purchase of “Location X” a product that uses location data harvested from apps. The product is from a company called Babel Street. If that name sounds familiar it’s because two employees left the company to form “Anomaly Six” another location tracking company.

“The purpose of this modification is to add 1 licenses [sic] to CLIN 0003 and incorporate the Master Subscription Agreement and Locate X Addendum as attached,” the contract document reads. Motherboard obtained the document through a Freedom of Information Act (FOIA) request.

Electronic Frontier Foundation Unveils ‘Atlas of Surveillance’

The EFF unveiled the Atlas of Surveillance today. It’s a database of surveillance tech used by law enforcement across the country. Anyone can use it to see what spying technology their state’s LE uses. You can download datasets, too.

We specifically focused on the most pervasive technologies, including drones, body-worn cameras, face recognition, cell-site simulators, automated license plate readers, predictive policing, camera registries, and gunshot detection. Although we have amassed more than 5,000 datapoints in 3,000 jurisdictions, our research only reveals the tip of the iceberg and underlines the need for journalists and members of the public to continue demanding transparency from criminal justice agencies.

The FBI is Collecting Your Data Through its ‘FitTest’ App

The FBI has been promoting its fitness app called FitTest to help people exercise at home. It’s also collecting your data.

…an FBI spokesperson reiterated the app’s privacy statement, adding that “the app does not gather or save any personal information other than what you select for your profile.”

But the app’s privacy statement makes room for some tracking: When FitTest accesses pages from the official FBI website, it says, “fbi.gov’s privacy policy applies.” The fbi.gov privacy policy states that “individuals using this computer system are subject to having all of their activities monitored and recorded.”

I can’t wait for the FBIPhone and FBIMessage apps.

U.S. Government Wants to Track Coronavirus Spread With Location Data

The U.S. government is in talks with Facebook, Google, and others to use location data to track the spread of the coronavirus.

Public-health experts are interested in the possibility that private-sector companies could compile the data in anonymous, aggregated form, which they could then use to map the spread of the infection, according to three people familiar with the effort, who requested anonymity because the project is in its early stages.

On the surface, it’s for good intentions (They always seem good on the surface). But we know that in certain situations, data can be de-anonymized. Some questions: How will they use this data? How effective would this be? Will the government keep the database afterward? My initial thought is that I have no problem with medical experts and scientists doing this. But I have no faith in this current administration, or faith in companies like Facebook and Google. What if they created an app to collect this data? That way it’s optional. And please passwordprotect the server.

Utah is Now a Surveillance State Thanks to This Company

A surveillance company called Banjo has partnered with Utah state authorities to enable a dystopian panopticon.

The lofty goal of Banjo’s system is to alert law enforcement of crimes as they happen. It claims it does this while somehow stripping all personal data from the system, allowing it to help cops without putting anyone’s privacy at risk. As with other algorithmic crime systems, there is little public oversight or information about how, exactly, the system determines what is worth alerting cops to.

Your Online Activity is a Social Credit Score

Violet Blue has an interesting take, that of your online activity as a social credit score. The SCC is something we usually associate with China, but we’re seeing trends suggesting America is moving toward a similar system.

Combine this with companies like Instagram, Facebook, YouTube, and yes, Airbnb deciding what legal behaviors are acceptable for service, and now we’re looking at groups of historically marginalized people being denied involvement in mainstream economic, political, cultural and social activities — at scale.

Homeland Security Cancels Facial Recognition Plan for Americans

Homeland Security had a plan to expand its use of airport facial recognition to include U.S. citizens. After much outcry the agency will drop that plan, although foreign nationals and visitors will still face mandatory scanning.

A spokesperson for Customs and Border Protection, which filed the proposal, said the agency has “no current plans to require U.S. citizens to provide photographs upon entry and exit from the United States,” and that it “intends to have the planned regulatory action regarding U.S. citizens removed from the unified agenda next time it is published.”

Traffic Cameras Could Soon Tell if you Text and Drive

Australia will soon install a camera system powered by machine learning that is designed to spot mobile phones in cars.

To let drivers adjust, warning letters will be sent to those spotted using phones by the cameras for the first three months. Australia uses a points system for drivers — unrestricted driver’s licenses have 13 points. After the first three months, drivers caught using their phones illegally will lose five points and be issued a $344 fine. During other periods, the penalty could increase to 10 points. If a driver loses all of their points, they could lose their license.

Distracted driving is absolutely a serious problem, but I don’t think more surveillance infrastructure is the answer.

Would Apple Leave Russia Over Device Ban?

Going into effect on July 2020, Russia just passed a law that would ban the sale of devices that don’t come pre-installed with Russian software. This obviously butts up against the integrity of iOS. Would Apple have the “courage” to leave the country if the Kremlin tried to force them to install their surveillance software? Because of course it’s for surveillance. Why else would a government meddle with device makers in this way?

The law will not mean devices from other countries cannot be sold with their normal software – but Russian “alternatives” will also have to be installed.

The legislation was passed by Russia’s lower house of parliament on Thursday. A complete list of the gadgets affected and the Russian-made software that needs to be pre-installed will be determined by the government.

How Motorola Helps Enable Government Surveillance

Since 2017 Motorola Solutions has invested US$1.7 billion to support or buy companies that build police body cameras, train the cameras with facial recognition, find suspects in videos, and track vehicle movement via license plates.

The company provided a statement that described its plan to add artificial intelligence products, including object detection and “unusual motion detection,” to a package it sells to public safety agencies. The systems can help flag a potential trespasser or the appearance of smoke, the company said. The company emphasized that the new tools are not meant to make automatic policing decisions but to help officers decide how to act.

NSA Publishes Threatening Letter Calling for Encryption Backdoors

Glenn S. Gerstell, general counsel for the National Security Agency (NSA) published a letter in the New York Times, writing about how a “digital revolution threatens to upend our entire national security infrastructure.” He thinks backdoors into encryption is one answer (of course he doesn’t use the word backdoor), as well as the agency collecting even more data from citizens. Read his letter by clicking the link below, then read this take by Nefarious Laboratories.

Make no mistake, this letter is a thinly-veiled threat to every major corporation around the globe: provide the U.S. government with access to all of your data or else, “there is another path, and it is the one taken by authoritarian regimes around the world”.

Amazon's Surveillance Company Partners With 400 More Police Forces

Ring, the Amazon-owned surveillance company that sells doorbell cameras, is partnering with 400 more police forces across the U.S.

The partnerships let police automatically request the video recorded by homeowners’ cameras within a specific time and area, helping officers see footage from the company’s millions of Internet-connected cameras installed nationwide, the company said. Officers don’t receive ongoing or live-video access, and homeowners can decline the requests, which Ring sends via email thanking them for “making your neighborhood a safer place.”

Previous Ring coverage: Here, and here.

Apple Blocks Spying Kazakhstan Root Certificate

The Kazakhstan government is trying to spy on citizens with a government-issued root certificate for websites. Apple, Google, and Mozilla are blocking it in their browsers.

The root certificate in question, labeled as “trusted certificate” or “national security certificate,” if installed, allows ISPs to intercept, monitor, and decrypt users’ encrypted HTTPS and TLS connections, helping the government spy on its 18 million people and censor content.

Once installed, the certificate allowed the Kazakh government to decrypt and read anything a user visiting popular sites—Facebook, Twitter, and Google, among others—types or posts, including intercepting their account information and passwords.

FBI to Monitor Social Media for Domestic Terrorism Threats

The FBI wants to monitor Facebook, Twitter, and Instagram for domestic terrorism threats in real time.

The FBI ultimately wants an interactive tool that can be accessed by all headquarters division and field office personnel via web browsers and through multiple devices. Interested vendors should have the capabilities to offer the agency the ability to set filters around the specific content they see, send immediate and custom alerts and notifications around “mission-relevant” incidents, have broad international reach and a strong language translation capability and allow for real-time geolocation-based monitoring that can be refined as events develop.

Just ask the NSA.

Amazon Helps Cops Get Ring Surveillance Videos Without Warrants

A couple weeks ago I shared news that Amazon is requiring police to promote its Ring surveillance cameras. Not that bad, I thought, because at least the police had to have the owner’s permission. But I was optimistic, because Amazon is giving police talking points on how to persuade owners, and even seizing the video footage if the owner said no.

As reported by GovTech on Friday, police can request Ring camera footage directly from Amazon, even if a Ring customer denies to provide police with the footage. It’s a workaround that allows police to essentially “subpoena” anything captured on Ring cameras.

Things like government surveillance and hacking are precisely why I will never buy smart home products. Update: A Ring spokesperson emailed me a correction: The reports that police can obtain any video from a Ring doorbell within 60 days is false. Ring will not release customer information in response to government demands without a valid and binding legal demand properly served on us. Ring objects to overbroad or otherwise inappropriate demands as a matter of course.