Tag Archives: Surveillance

True Video Lies

This is a longer version of a piece I recorded for the BBC World Service.

The other day my wife lost her phone out shopping. We narrowed it down to either the supermarket or the taxi. So we took her shopping receipt to the supermarket and asked to see their CCTV to confirm she still had the phone when she left.

To my surprise they admitted us into their control room. Banks of monitors covering nooks, crannies, whole floors, each checkout line. There they let us scroll through the security video—I kind of took over, because the guy didn’t seem to know how to use it—and we quickly found my wife, emptying her trolley at checkout line 17. Behind her was our daughter in her stroller, not being overly patient. It took us an hour but in the end we established what look liked a pretty clear chain of events. She had the bag containing the phone, which she gave to our daughter to distract her at the checkout. One frame shows the bag falling from her hands onto the floor, unnoticed by my wife.

Then, a few seconds later, the bag is mysteriously whisked off the floor by another shopper. I couldn’t believe someone would so quickly swoop. The CCTV records only a frame a second, so it took us some time to narrow it down to a woman wearing black leggings, a white top and a black belt. Another half hour of checks and we got her face as she bought her groceries at another till. No sign of the phone bag by this time, but I was pretty sure we had our man. Well, woman.

Except I’m not sure we did. What I learned in that control room is that video offers a promise of surveillance that doesn’t lie. It seems to tell us a story, to establish a clear chain of events. But the first thing I noticed was when I walked back out into the supermarket, was that how little of the floor it covered, and how narrow each camera’s perspective was.

For the most part we’ve learned that photos don’t always tell the truth. They can be manipulated; they offer only a snapshot, without context. But what about videos? We now expect to see cameraphone footage in our news bulletins, jerky, grainy recordings taken by unseen hands, raw and often without context.

This is not to say videos are not powerful truth tellers. But we tend to see what we want to see. When a policeman pepper sprays protests at the University of California there is outrage, and it does indeed appear to be unwarranted. But when four of the videos are synchronized together a more complex picture emerges. Not only can one see the incident within context, but also one gets a glimpse of a prior exchange, as the officer explains what he is about to do to one protester, who replies, almost eagerly: “You’re shooting us specifically? No that’s fine, that’s fine.”

This is not to condone what happens next, but this exchange is missing from most of the videos. The two videos that contain the full prelude are, of course, longer, and have been watched much fewer times: 12,658 (15 minutes) and 245,226 times (8 minutes) versus 1,346,781 times (1 minute) for the one that does not  (the other video has since been taken down).

I’m not suggesting that the more popular video has been deliberately edited to convey a different impression, but it’s clearly the version of events that most are going to remember.

We tend to believe video more than photos. They seem harder to doctor, harder to hoodwink us, harder to take out of context. But should we?

It’s true that videos are harder to fake. For now. But even unfaked videos might seem to offer a version of the facts that isn’t the whole story. Allegations that former IMF president  Dominique Strauss-Kahn may have been framed during a sexual encounter at a New York Hotel, for example, have recently been buttressed by an extensive investigation published recently in the New York Review of Books. There’s plenty of questions raised by the article, which assembles cellphone records, door key records, as well as hotel CCTV footage.

The last seems particularly damning. A senior member of the hotel staff is seen high-fiving an unidentified man and then performing what seems to be an extensive dance of celebration shortly after the event. This may well be the case, but I’d caution against relying on the CCTV footage. For one thing, if this person was in any way involved, would they not be smart enough to confine their emotions until they’re out of sight of the cameras they may well have installed themselves?

Back to my case: Later that night we got a call that our phone had been recovered. The police, to whom I had handed over all my CCTV evidence, said I was lucky. A woman had handed it in to the mall’s security people. I sent her a text message to thank her. I didn’t have the heart to ask her whether she had been wearing black trousers and white top.

But I did realise that the narrative I’d constructed and persuaded myself was the right one was just that: a story I’d chosen to see.

Carrier IQ’s Opt-Out Data Collection Patent

ZDNet writes here about an Carrier IQ patent that outlines keylogging and ability to target individual devices . Which is interesting. But Carrier IQ owns a dozen patents, including this one, which to me is much more interesting. This patent indicates what Carrier IQ software could do—not what it does—but it is revealing nonetheless:

A communication device and a data server record and collect events and event-related data to create an activity record. A user of the communication device may request that events and related data be recorded and collected using a configuration option on the communication device or through an interaction with the data server. Data are grouped into data sets and uploaded to the data server either automatically or upon user approval. The data server uses the uploaded data to create an activity record which the user may access through a website. The user uploads additional data which are associated with the activity record. In some instances, the data server embeds a link pointing to the additional data in an entry in the activity record corresponding to an event associated with the additional data.

Basically this patent offers a way for a “user”—which could be either the user of the device or the service—to have a record of everything they do:

image

While most of the patent is clearly about a product that would create a ‘lifestream’ for the user—where they can access all the things they’ve done with the device, including photos etc, in one tidy presentation, there’s clearly more to it than that. Buried in the patent are indications that it could do all this without the user asking it to. It’s paragraph 0023 which I think is most interesting:

A user of a mobile device requests that events and event-related data be collected by a data server and data collection begins. Alternately, data collection may be a default setting which is turned off only when the device user requests that data collection not occur. In yet another embodiment, a request from a server can initiate, pause, or stop data collection. The mobile device is configured to record events performed by the mobile device as well as event-related data. Typical events that the mobile device records include making or receiving a phone call; sending or receiving a message, including text, audio, photograph, video, email and multimedia messages; recorded voice data, voice messages, taking a photograph; recording the device’s location; receiving and playing an FM or satellite radio broadcast; connecting to an 802.11 or Bluetooth access point; and using other device applications. The data most often related to an event include at least one of: the time, date and location of an event. However, other event-related data include a filename, a mobile device number (MDN) and a contact name. Commonly, the mobile device records events and provides a time, date and location stamp for each event. The events and event-related data can be recorded in sequence and can be stored on the mobile device.

This seems to suggest that

  • basically all activity on the phone can be logged
  • the software can be turned on by default
  • the software can be turned on and off from the server

All this information would be grouped together and uploaded either with the user’s permission or without it:

[0025] The mobile devices may be configured to store one or more data sets and upload the data sets to the data server. In one embodiment, the data sets are uploaded automatically without user intervention, while in other embodiments the mobile device presents a query to the user beforehand. When the mobile device is ready to upload one or more sessions to the data server, a pop-up screen or dialog may appear and present the user with various options. Three such options include (1) delete session, (2) defer and ask again and (3) upload now. The user interface may present the query every time a session is ready to upload, or the user may be permitted to select multiple sessions for deletion, a later reminder or upload all at once. In another embodiments, the uploading of sessions may occur automatically without user intervention. Uploads may also be configured to occur when the user is less likely to be using the device.

This point—about the option to collect such data without the user’s say-so—is confirmed in [0030]:

Although typically the device and the server do not record, upload and collect data unless the user requests it, in other embodiments the communication device and the server automatically record, upload and collect data until the user affirmatively requests otherwise.

And in [0046]:

In embodiments where participation in the data collection services is the default configuration for a mobile device (e.g., an “opt-out” model), it is not necessary to receive a request from a user prior to recording data.

An ‘opt-out’ model is hard to visualize if this is a product that is a user-centric lifestream.

While patents only tell part of the story, there’s no evidence of any such consumer-facing product on Carrier IQ’s website, so one has to assume these capabilities have been, or could be, wrapped into their carrier-centric services. In that sense, I think there’s plenty of interest in here.

Thwarting the VoIP Eavesdroppers

Interesting piece in Intelligence Online (subscription only) which mentions the growth of both software to intercept VoIP traffic, and services to thwart it. Companies mentioned: Amteus [company website] which “has developed secure software for Voice over IP (VoIP) communications but also for e-mail and file swaps.” Amteus basically works by establishing a peer to peer connection and encrypts with a one time key. On the other side of the fence, the article says, are companies “like Israeli firms Nice Systems and Verint as well as France’s Aqsacom, are already marketing solutions to break into and record telephone conversations on the Internet.” [all corporate websites]

An interesting world
 

Indian Slumdwellers Protest Biometric Scanning of Impersonators. I Think

Who says that privacy is only an issue in the First World? According to The Times of India residents of Palsora and Lal Bahadur Shastri colonies have demonstrated against “alleged irregularities in the biometric test, which is being carried out in the slum areas to check “impersonation at any level.” The problem, it seems, is that people have been impersonating other people, sometimes twice, to register or occupy property.

A couple of interesting things about this. First off, this is not just any old biometric test. The administration, the story says, plans to test “all those living in slums [who] will have to furnish details of their fingerprints, photographs, face recognition, voice recognition, signature, shape of the hand, and other such details.” This sounds quite advanced. (Shape of the hand? Is this a first? ) Slumdwellers would also be asked to submit the usual stuff, such as “personal details, including date and place of birth, father’s name, number of family members, present address, et al.” All in all, that’s quite a survey. The government is going to have more data on the slumdwellers of Chandigarh than probably anyone else on the planet.

Slumdwellers are now protesting outside the regional government offices, probably as we speak. Well, not today, as it’s the Hindu New Year, I believe. However, they are not up in arms about this apparent invasion of their privacy (voice recognition?), but that “genuine people were being ignored in the survey.” I take this to mean (and I could be wrong) that the survey teams seem to be focusing mainly on impersonators. (Can that be right? – Ed) If true, this might be the first recorded Protest Against A Survey of Slumdweller Impersonators.

China’s Facial Recognition System

China is about to launch a new facial recognition system “which will be used in public places, such as airports, post offices, customs entrances and even residential communities”, according to today’s China Daily (no URL available yet.)

The invention, developed by Su Guangda, an Electronic Engineering Department professor with Beijing-based Tsinghua University, has been approved by a panel of experts from the Ministry of Public Security, the paper says. The system “excels at capturing moving facial images and features a multi-camera technology to lower the error for mismatching.”

Of course this is a sensitive area, particularly in China. The paper says the technology is already in place, but “limited to police use. The technology has helped the police in Beijing solve a few criminal cases involving child abduction and supermarket blackmail in the past few years.” But its creator is quoted as pushing for broader use, saying residential communities, airports and banks could use it. Since China has no fingerprint database for the general public, instead the photo on the national ID card “might help establish a facial database easily.”

Su said one feature of the system is the use of multiple cameras to limit errors, although it’s not clear from the report whether we’re talking multple cameras at an entry point to capture different profiles of the face, or millions of cameras all over the place to capture everyone everywhere.

The professor does acknowledge privacy concerns. His solution: “As long as you don’t save the picture in the computer and just scan individual faces quickly, the privacy violation is not an issue,” Su said. “And we could realize that by avoiding adding a picture saving function to the technology,” he said.

I’m no expert, but I don’t really see how that is a solution. Surely that could easily be circumvented by an over-eager security team, and in any case, it doesn’t really address the underlying concerns about use of facial recognition, although maybe that horse has already bolted. An earlier piece in the China Daily said the database already has 2.56 million faces and can make a face match within a second and has been in use for a year to catch suspects on the run.

Keeping the Keyloggers out of the Basement

Here’s a product about to be announced that claims to really protect users against keylogging — when bad guys capture the keystrokes you make and then transmit it back to base: StrikeForce’s WebSecure (PDF file):

The basic idea, StrikeForce’s PR guy Adam Parken tells me, is that “keystrokes are encrypted at the hardware driver and delivered directly to the browser.” This, he says, “gets around the OS, messaging service, etc. where keyloggers normally hide.” It looks a bit like this (from a WebSecure presentation):

Websec

If that makes any sense. The grey boxes are the bits in between the keyboard and the network, and they’re all places that keyloggers hide. Anti-keylogging programs, as I understand them, are usually merely programs that try to guess what’s going on, and, if they see something sleazy, warn the user. Usually this is based on a prior knowledge, or library, of known keyloggers or known keylogging tricks.

WebSecure, instead, according to the press release, “automatically encrypts every keystroke at the keyboard level, then reroutes those encrypted keystrokes directly to the Web browser, bypassing the multiple communication areas that are vulnerable to keylogging attacks.”

WebSecure is going to be demoed at DEMO here sometime in the next 24 hours or so. If they do the job seamlessly and as promised, WebSecure could be quite a useful tool for companies and end users. But it’s an area long tackled and never conquered by security software developers, so I’m not holding my breath.

Estonia Nets A Big Phish

The Register, quoting AP, says that an Estonian man suspected of plundering millions from hundreds of online bank accounts accounts across Europe was arrested last week. AP reports that the unnamed 24 year-old allegedly used a sophisticated Trojan in order to monitor the keystrokes on victims’ PCs and extract confidential banking passwords that allowed him to plunder online accounts.

The unnamed Trojan was bulk mailed to prospective victims in emails that promised lucrative job offers from government institutions, banks and investment firms. In reality it linked to a web page hosting malicious code.

Jaan Priisalu, an IT risk manager at Hansabank, told AP the Trojan used in scam was the most sophisticated he had ever seen. For a long time, AP says, it evaded anti-virus protection software and it erased all traces of itself from hard drives after it had exhausted its usefulness.

Which of course, begs the question: How many other trojans are out there evading our defences? And does evading anti-virus software mean the trojan was never identified and added to anti-virus libraries, or does it mean it was added but not caught by the software? Either way, it’s worrying.

A New Way To Foil Keyloggers?

PC Tools has released a new version of Spyware Doctor, 3.2, with what it calls “groundbreaking Keylogger Guard technology that protects users from identity thieves”. A press release says:

Existing solutions can allow keylogger threats to run undetected for weeks or months by which time the damage is already done. Spyware Doctor 3.2’s Keylogger Guard detects and removes keylogger threats in real-time before they are able to steal personal information.

It does this by looking at “behavior rather than signatures….Keylogger Guard detects the behavior immediately, blocking keyloggers from installing on the user’s system and protecting customers right away, not weeks or months too late.”

Sounds interesting, although I’m not sure it’s exactly groundbreaking. Or is it? A trial version of Spyware Doctor 3.2 can be downloaded at www.pctools.com and costs $30.

The world’s biggest phishing attack?

This London bank raid seems impressive:

The investigation was started last October after it was discovered that computer hackers had gained access to Sumitomo Mitsui bank’s computer system in London.

They managed to infiltrate the system with keylogging software that would have enabled them to track every button pressed on computer keyboards.

Of course, it’s likely that there are lots more cases like this we don’t hear about. As Computerworld reports:

[Security experts] Cluley and Barnes said keylogging hacks are more common than thought, and they said the $423 million plot was probably the largest corporate case that had been made public. Both experts said it’s unclear what kind of keylogging was used.

The two speculate it could have been a physical keylogger dongle, installed by a cleaner (although that would mean the dongle would probably have to be retrieved somehow since any traffic through the company’s servers would be noticed. At least, one would hope so.)

Pay Money, Scan Barcodes With Your Cellphone

ScanZoom, which allows camera phone users to scan barcodes to compare prices in stores and obtain other information and services, is now available. It will work with most camera phones, but there’s a catch: You have to pay $10 for the software, $10 for a special macro zoom lens, and another $5 or so to get it to you. A similar version if available for webcams.

I haven’t tried it out yet, but if I recall correctly a barcode reading pen was available a few years back — the C Pen, if I’m not mistaken, which turned out to be less of a success than its makers hoped for. The idea was for users to scan barcodes they found in magazines and then send the data to their computer, which would in turn, er, tell them about the product they’d just read about in the magazine. I might be getting this wrong, but a) I couldn’t find that many companies that had been loaded into the pen’s database for it to work and b) how many people are going to do this kind of thing for it to work?

ScanZoom could be different, in that the user doesn’t have to do that much. But clearly the need for a macro zoom lens on the camera phone is going to be an inhibitor (can you still use the phone with the lens on it?), as it the fact you’ve got to pay $20 to get started. Unless the service really does help you get good prices, rather than just throw more advertising at you and steer you to certain vendors, you might be wondering who the chump is.

Still, as infoSync World reported late last year, this kind of thing is common enough in Japan. And ScanBuy, the company behind ScanZoom, says it used the technology at a soccer game in Spain earlier this year to ID ticket holders. And they’re not shy in their claims: Their PR blurb says (PDF only)

Optical Intelligence enables camera equipped cell phones and other mobile devices with barcode-reading functionality. This technology will drastically change use of cell phones as we know it today as the biggest problem with the cell phones, namely the input mechanisms, is now solved. With the new generation of devices, ScanZoom will allow to send an email, give a call, access a website, download music or purchase items according to the data scanned.

I’ve requested a review unit and will report back.