date 2002-03-25
from the dystopia-is-now! dept.
https://arstechnica.com/information-technology/2025/02/the-surveillance-tech-waiting-for-workers-as-they-return-to-the-office/
Scan the online brochures of companies who sell workplace monitoring tech and you'd think the average American worker was a renegade poised to take their employer down at the next opportunity.
[...]
A new wave of return-to-office mandates has arrived since the New Year, including at JP Morgan Chase, leading advertising agency WPP, and Amazon—not to mention President Trump's late January directive to the heads of federal agencies to "terminate remote work arrangements and require employees to return to work in-person ... on a full-time basis."
[...]
The question is, what exactly are we returning to?
Take any consumer tech buzzword of the 21st century and chances are it's already being widely used across the US to monitor time, attendance, and, in some cases, the productivity of workers, in sectors such as manufacturing, retail, and fast food chains: RFID badges, GPS time clock apps, NFC apps, QR code clocking-in, Apple Watch badges, and palm, face, eye, voice, and finger scanners. Biometric scanners have long been sold to companies as a way to avoid hourly workers "buddy punching" for each other at the start and end of shifts—so-called "time theft." A return-to-office mandate and its enforcement opens the door for similar scenarios for salaried staff.
[...]
HID's OmniKey platform. Designed for factories, hospitals, universities, and offices, this is essentially an all-encompassing RFID log-in and security system for employees, via smart cards, smartphone wallets, and wearables. These will not only monitor turnstile entrances, exits, and floor access by way of elevators but also parking, the use of meeting rooms, the cafeteria, printers, lockers, and yes, vending machine access.
[...]
Depending on the survey, approximately 70 to 80 percent of large US employers now use some form of employee monitoring, and the likes of PwC have explicitly told workers that managers will be tracking their location to enforce a three-day office week policy.
[...]
Wolfie Christl, a researcher of workplace surveillance for Cracked Labs, a nonprofit based in Vienna, Austria. "We're moving toward the use of all kinds of sensor data, and this kind of technology is certainly now moving into the offices. However, I think for many of these, it's questionable whether they really make sense there."
[...]
Cracked Labs published a frankly terrifying 25-page case study report in November 2024 showing how systems of wireless networking, motion sensors, and Bluetooth beacons, whether intentionally or as a byproduct of their capabilities, can provide "behavioral monitoring and profiling" in office settings.
The project breaks the tech down into two categories: The first is technology that tracks desk presence and room occupancy, and the second monitors the indoor location, movement, and behavior of the people working inside the building.
[...]
At the end of January, Logitech showed off its millimeter-wave radar Spot sensors, which are designed to allow employers to monitor whether rooms are being used and which rooms in the building are used the most. A Logitech rep told The Verge that the peel-and-stick devices, which also monitor VOCs, temperature, and humidity, could theoretically estimate the general placement of people in a meeting room.
[...]
Cisco's Spaces cloud platform has digitized 11 billion square feet of enterprise locations, producing 24.7 trillion location data points. The Spaces system is used by more than 8,800 businesses worldwide and is deployed by the likes of InterContinental Hotels Group, WeWork, the NHS Foundation, and San Jose State University, according to Cisco's website.
While it has applications for retailers, restaurants, hotels, and event venues, many of its features are designed to function in office environments, including meeting room management and occupancy monitoring. Spaces is designed as a comprehensive, all-seeing eye into how employees (and customers and visitors, depending on the setting) and their connected devices, equipment, or "assets" move through physical spaces.
[...]
Some of these analytics use aggregate data, but Cracked Labs details how Spaces goes beyond this into personal data, with device usernames and identifiers that make it possible to single out individuals. While the ability to protect privacy by using MAC randomization is there, Cisco emphasizes that this makes indoor movement analytics "unreliable" and other applications impossible—leaving companies to make that decision themselves.
[...]
"Cisco is simply everywhere. As soon as employers start to repurpose data that is being collected from networking or IT infrastructure, this quickly becomes very dangerous, from my perspective," says Christl. "With this kind of indoor location tracking technology based on its Wi-Fi networks, I think that a vendor as major as Cisco has a responsibility to ensure it doesn't suggest or market solutions that are really irresponsible to employers.
"I would consider any productivity and performance tracking very problematic when based on this kind of intrusive behavioral data." WIRED approached Cisco for comment but didn't receive a response before publication.
Cisco isn't alone in this, though. Similar to Spaces, Juniper's Mist offers an indoor tracking system that uses both Wi-Fi networks and Bluetooth beacons to locate people, connected devices, and Bluetooth tagged badges on a real-time map, with the option of up to 13 months of historical data on worker behavior.
[...]
If warehouse-style tracking has the potential for management overkill in office settings, it makes even less sense in service and health care jobs, and American unions are now pushing for more access to data and quotas used in disciplinary action. Elizabeth Anderson, professor of public philosophy at the University of Michigan and the author of Private Government: How Employers Rule Our Lives, describes how black-box algorithm-driven management and monitoring affects not just the day-to-day of nursing staff but also their sense of work and value.
[...]
This kind of monitoring extends to service workers, including servers in restaurants and cleaning staff, according to a 2023 Cracked Labs report into retail and hospitality. Software developed by Oracle is used to, among other applications, rate and rank servers based on speed, sales, timekeeping around breaks, and how many tips they receive.
[...]
Anderson points to a scene in Erik Gandini's 2023 documentary After Work that shows an Amazon delivery driver who is monitored, via camera, for their driving, delivery quotas, and even getting dinged for using Spotify in the van.
"It's very tightly regulated and super, super intrusive, and it's all based on distrust as the starting point," she says.
[...]
A 2023 Pew Research study found that 56 percent of US workers were opposed to the use of AI to keep track of when employees were at their desks, and 61 percent were against tracking employees' movements while they work.
This dropped to just 51 percent of workers who were opposed to recording work done on company computers, through the use of a kind of corporate "spyware" often accepted by staff in the private sector. As Josh Bersin puts it, "Yes, the company can read your emails" with platforms such as Teramind, even including "sentiment analysis" of employee messages.
[...]
New reporting from WIRED, based on conversations with employees at 13 federal agencies, reveals the extent of Elon Musk's DOGE team's surveillance: software including Google's Gemini AI chatbot, a Dynatrace extension, and security tool Splunk have been added to government computers in recent weeks, and some people have felt they can't speak freely on recorded and transcribed Microsoft Teams calls.
[...]
Alongside mass layoffs and furloughs over the past four weeks, the so-called Department of Government Efficiency has also, according to CBS News and NPR reports, gone into multiple agencies in February with the theater and bombast of full X-ray security screenings replacing entry badges at Washington, DC, headquarters.
[...]
DOGE staff have reportedly even added keylogger software to government computers to track everything employees type, with staff concerned that anyone using keywords related to progressive thinking or "disloyalty" to Trump could be targeted—not to mention the security risks it introduces for those working on sensitive projects. As one worker told NPR, it feels "Soviet-style" and "Orwellian" with "nonstop monitoring." Anderson describes the overall DOGE playbook as a series of "deeply intrusive invasions of privacy."
Related stories on SoylentNews:
10 Years on After 'Data and Goliath' Warned of Data Collection - 20250220
Surveillance and Digital Control at Work - 20241127
Location Tracking of Phones is Out of Control. Here's How to Fight Back. - 20241025
Hacked, Leaked, Exposed: Why You Should Never Use Stalkerware Apps - 20240623
Digital Surveillance is Omnipresent in China. Here's How Citizens Are Coping - 20240430
How to be More Anonymous Online - 20240109
E-Books are Fast Becoming Tools of Corporate Surveillance - 20231217
IBM Promised to Back Off Facial Recognition - Then It Signed a $69.8 Million Contract to Provide It - 20230902
The UK's Secretive Web Surveillance Program is Ramping Up - 20230521
Inside the Bitter Campus Privacy Battle Over Smart Building Sensors - 20230410
FISA Oversight Board Member Says Americans Need More Privacy Protections as Congress Debates Section - 20230314
How Denmark's Welfare State Became a Surveillance Nightmare - 20230307
'NO': Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them - 20221207
Dutch Court Rules that Being Forced to Keep a Webcam on While Working is Illegal - 20221011
Remote Workers Say They're Productive at Home. Bosses Don't Agree - 20220927
Employees are Facing More Online Surveillance Than Ever - 20220228
Big Tech Call Center Colombian Workers Face Pressure to Accept Home Surveillance - 20210809
China's Tech Workers Pushed to Limits by Surveillance Software - 20210614
There are Spying Eyes Everywhere—and Now They Share a Brain - 20210208
Microsoft Revamps 'Invasive' M365 Feature After Privacy Backlash - 20201202
France is Using AI to Check Whether People are Wearing Masks on Public Transport - 20200510
EFF Warns of 'One-Way Mirror' of Web Surveillance by Tech Giants - Led by Google - 20191203
Billions of License Plate Scans are Part of a Private Surveillance Database - 20190918
How U.S. Tech Giants are Helping to Build China's Surveillance State - 20190713
Workplace Monitoring and Surveillance - 20190312
Alarm Over Talks to Implant UK Employees With Microchips - 20181113
New York's Free LinkNYC Internet Kiosks May Be Tracking Your Movements - 20180912
BAE Systems Sold Cyber-Surveillance Tools to Autocratic Regimes - 20170616
Obama Opens NSA's Vast Trove of Warrantless Data to the Entire Intelligence Community - 20170115
This Employee ID Badge Monitors and Listens to You at Work - 20160911
Wearables at Work are the New Spy Tool, UK Workers Say - 20160622
EFF Launches the Cell-Site Simulator Section of Street Level Surveillance - 20151215
See Through Walls by Passive Radiation From Wi-Fi - 20150812
Bruce Schneier: Four Ways You Can Protect Yourself from Digital Surveillance - 20150320
Google's Next Step in Real-Time Surveillance - 20141106
Related Stories
Nest plans to offer its smart thermostat to Irish consumers for free when they sign up for a two-year contract with Electric Ireland. Nest chief executive Tony Fadell said at the Web Summit in Dublin that the deal could put his company’s thermostats in up to 1.6 million homes, according to CNET, and claimed that similar deals would be announced for other countries in the future.
[...] Google is infamous for its ability to offer consumers products which are paid for not by their users but by the ads those users see. Its products are among the best in their categories, and when it’s free to use them, there’s little reason for consumers to pay for another service. Now Google is just applying that same logic to the real world — and it will probably work out for it just as well.
Even I’ve grown sick of hearing this sentiment, but it’s more relevant now than ever: If you aren’t the one paying for a service, you are the product.
If a policeman sits down within earshot, it's within your rights to move your conversation someplace else. If the FBI parks a van bristling with cameras outside your house, you are perfectly justified in closing your blinds.
Likewise, there are many ways we can protect our personal data and defend ourselves against surveillance. I'm going to break them down into categories...
- Avoid Surveillance
- Distort Surveillance
- Block Surveillance
- Break Surveillance
The article has a lot of practical tips and techniques under those categories in easy, accessible language. They are useful even for those of us who work in technology, and are fine to hand to non-techie friends and family. Thanks, Bruce, for the 21st-century samizdat! [*]
[*] Editor's note: Samizdat (Russian: самизда́т, IPA: [səmɨzˈdat]) was a key form of dissident activity across the Soviet bloc in which individuals reproduced censored publications by hand and passed the documents from reader to reader.
Researchers at University College London (UCL) have devised a system for detecting the Doppler shifts of ubiquitous Wi-Fi and mobile telephone signals to "see" people moving, even behind masonry walls 25 centimeters thick. The method, which could be useful in situations from hostage-takings to traffic control, won the Engineering Impact Award in the RF and Communications category at National Instruments' NI Week 2015 meeting (which convened in Austin, Tex., 3-9 August).
Other researchers—notably Dina Katabi and Fadel Adib of MIT—have built through-wall radars in the household communication bands, but these are active radars that transmit as well as receive. The UCL technique uses only passive radiation—from Wi-Fi routers (using emissions in any of the IEEE 802.11 b, g, n, ac), ambient GSM and LTE mobile signals, and other sources—so there is nothing to betray the surveillance. The system calculates the positions of hidden targets by comparing two signals: a reference channel, receiving the baseline signal from the Wi-Fi access point or other RF source, and a surveillance channel, which picks up Doppler-shifted waves reflecting from the moving subject.
Tan and company built their "high Doppler resolution passive Wi-Fi radar" on two multi-frequency, software-defined, FPGA-based transceivers (National Instruments' USRP, or Universal Software Radio Peripheral). The system compares the reference and surveillance signals, interprets the very small frequency shifts, and reveals the hidden subject's location and motion.
This article has been visited 15 million times by teenage boys.
Digital analyzer. IMSI catcher. Stingray. Triggerfish. Dirt box. Cell-site simulator. The list of aliases used by the devices that masquerade as a cell phone tower, trick your phone into connecting with them, and suck up your data, seems to grow every day. But no matter what name cell-site simulators go by, whether they are in the hands of the government or malicious thieves, there's no question that they're a serious threat to privacy.
That's why EFF is launching the cell-site simulator section of Street Level Surveillance today.
EFF's Street Level Surveillance Project unites our past and future work on domestic surveillance technologies into one easily accessible portal. On this page, you'll find all the materials we have on each individual technology gathered into one place. Materials include FAQs about specific technologies, infographics and videos explaining how technologies work, and advocacy materials for activists concerned about the adoption of street level surveillance technologies in their own community. In the coming months, we'll be adding materials on drones, stingrays, and fusion centers.
In a survey of 2,000 workers across the UK, only 46pc of people said they would accept a free piece of wearable technology if their employers had access to the data recorded.
This was despite the fact that two-thirds of respondents wanted their employer to take an active role in their health and well-being. The biggest barrier to adoption was trust, with 40pc saying they don't trust their employer to use it for their benefit, and in fact believe it will actively be used against them.
[...] "Employers haven't been able to overcome the 'big brother' reaction from people to sharing their personal data," said Anthony Bruce, people analytics leader at PwC. "If [they] want to overcome the trust gap they need to show that they are serious about data security and communicate openly with their staff about the benefits for them."
This is borne out by the survey, which found that if workplace benefits such as flexible hours and remote working were promised, 55pc (rather than 46pc) were willing to accept a free wearable device from work.
[...] Workplace surveillance has become far easier and more commonplace because of technology. This ranges from heart-rate monitors for NHS workers to GPS trackers for long-distance lorry drivers.
Misgivings about employers spying were further bolstered by a January ruling from the European Court of Human Rights confirming that companies are allowed to spy on employee data, if it is deemed work-related.
Source: The Telegraph
https://www.washingtonpost.com/news/business/wp/2016/09/07/this-employee-badge-knows-not-only-where-you-are-but-whether-you-are-talking-to-your-co-workers/
Do you hog office conversations? Or not talk enough? Does your voice squeal? Do you sit very still at your desk all day? Or do you fidget under stress? Where do you go in the office? How much time do you spend there? To whom do you talk?
An employee badge can now measure all this and more, all with the goal of giving employers better information to evaluate performance. Think of it as biometrics meets the boss.
A Boston company has taken technology developed at MIT and turned it into special badges that hang around your neck on a lanyard. Each has two microphones doing real-time voice analysis, and each comes with sensors that follow where you are in the office, with motion detectors to record how much you move. The beacons tracking your movements are omitted from bathroom locations, to give you some privacy.
[...] Those concerned about their privacy might be alarmed by the arrival of such badges. But Humanyze says it doesn't record the content of what people say, just how they say it. And the boss doesn't get to look at individuals' personal data. It is also up to the employee to decide whether they want to participate.
"Those are things we hammer home," Waber said. "If you don't give people choice, if you don't aggregate instead of showing individual data, any benefit would be dwarfed by the negative reaction people will have of you coming in with this very sophisticated sensor."
[...] Waber said the company is careful not to divulge personal data to the employer, preferring instead to stick with broad analytics. Employees get to see their own data, but managers do not get to identify the employee with the specific data.
-- submitted from IRC
If you thought government surveillance was bad already, it just got worse. A lot worse.
[T]he Obama administration on Thursday announced new rules that will let the NSA share vast amounts of private data gathered without warrant, court orders or congressional authorization with 16 other agencies, including the FBI, the Drug Enforcement Agency, and the Department of Homeland Security.
The new rules allow employees doing intelligence work for those agencies to sift through raw data collected under a broad, Reagan-era executive order that gives the NSA virtually unlimited authority to intercept communications abroad. Previously, NSA analysts would filter out information they deemed irrelevant and mask the names of innocent Americans before passing it along.
[...] Executive Order 12333, often referred to as "twelve triple-three," has attracted less debate than congressional wiretapping laws, but serves as authorization for the NSA's most massive surveillance programs — far more than the NSA's other programs combined. Under 12333, the NSA taps phone and internet backbones throughout the world, records the phone calls of entire countries, vacuums up traffic from Google and Yahoo's data centers overseas, and more.
In 2014, The Intercept revealed that the NSA uses 12333 as a legal basis for an internal NSA search engine that spans more than 850 billion phone and internet records and contains the unfiltered private information of millions of Americans.
[...] But this massive database inevitably includes vast amounts of Americans' communications — swept up when they speak to people abroad, when they go abroad themselves, or even if their domestic communications are simply routed abroad. That's why access was previously limited to data that had already been screened to remove unrelated information and information identifying U.S. persons. The new rules still ostensibly limit access to authorized foreign intelligence and counterintelligence purposes — not ordinary law enforcement purposes — and require screening before they are more widely shared. But privacy activists are skeptical.
Submitted via IRC for TheMightyBuzzard
British multinational BAE Systems has sold sophisticated surveillance technology to many repressive governments in the Middle East and Africa, an investigation by BBC Arabic and Danish newspaper Dagbladet has revealed.
The technology in question is called Evident, and enables governments to conduct mass surveillance of their citizens’ communications. According to a former employee, the system is capable of intercepting traffic, pinpointing device location, traffic cryptanalysis (i.e. decryption), and voice recognition.
Evident was created by Danish cyber and intelligence company ETI, which was acquired by BAE Systems in 2011. The sales, which were effected through ETI, are technically legal as the export authorization for the technology was given by the Danish government, through the Danish Business Authority.
The export licenses were granted even though the UK government has expressed concern about the sale of the Evident technology to the United Arab Emirates, and has noted that it would “refuse a licence to export this cryptanalysis software from the UK” because of national security concerns.
They were apparently worried that the system’s capabilities could be used to tap communications in the UK and Europe, if the equipment is set up in UAE embassies.
The Evident system has also been sold to the Tunisian government (before the Arab Spring protests and successful ousting of longtime president Ben Ali in 2011), Saudi Arabia, Qatar, Oman, Morocco and Algeria, whose governments have questionable human rights records.
Source: Help Net Security
LinkNYC kiosks have become a familiar eyesore to New Yorkers. Over 1,600 of these towering, nine-and-a-half-foot monoliths — their double-sided screens festooned with ads and fun facts — have been installed across the city since early 2016. Mayor Bill de Blasio has celebrated their ability to provide "the fastest and largest municipal Wi-Fi network in the world" as "a critical step toward a more equal, open, and connected city for every New Yorker, in every borough." Anyone can use the kiosks' Android tablets to search for directions and services; they are also equipped with charging stations, 911 buttons, and phones for free domestic calls.
But even as the kiosks have provided important services to connect New Yorkers, they may also represent a troubling expansion of the city's surveillance network, potentially connecting every borough to a new level of invasive monitoring. Each kiosk has three cameras, 30 sensors, and heightened sight lines for viewing above crowds.
[...] Now an undergraduate researcher has discovered indications in LinkNYC code — accidentally made public on the internet — that LinkNYC may be actively planning to track users' locations.
From The Guardian:
Britain's biggest employer organisation and main trade union body have sounded the alarm over the prospect of British companies implanting staff with microchips to improve security.
UK firm BioTeq, which offers the implants to businesses and individuals, has already fitted 150 implants in the UK.
The tiny chips, implanted in the flesh between the thumb and forefinger, are similar to those for pets. They enable people to open their front door, access their office or start their car with a wave of their hand, and can also store medical data.
[...] Steven Northam, the founder and owner of Hampshire-based BioTeq, told the Guardian that most of its 150 implants have been for individuals, while some financial and engineering firms have also had the chips implanted in their staff.
BioTeq has also implanted them in employees of a bank testing the technology, and has shipped them to Spain, France, Germany, Japan and China.
We recently covered similar technology being used in Sweden but the idea of implanting a tracking chip in a human for identification is nothing new.
Data & Society just published a report entitled Workplace Monitoring & Surveillance:
New technologies are enabling more varied and pervasive monitoring and surveillance practices in the workplace. This monitoring is becoming increasingly intertwined with data collection as the basis for surveillance, performance evaluation, and management. Monitoring and surveillance tools are collecting new kinds of data about workers, enabling quantification of activities or personal qualities that previously may not have been tracked in a given workplace—expanding the granularity, scale, and tempo of data collection. Moreover, workplace monitoring and surveillance can feed automated decision-making and inform predictions about workers' future behaviors, their skills or qualities, and their fitness for employment. Monitoring and surveillance can shift power dynamics between workers and employers, as an imbalance in access to worker data can reduce negotiating power.
This explainer highlights four broad trends in employee monitoring and surveillance technologies:
How U.S. Tech Giants are Helping to Build China's Surveillance State:
AN AMERICAN ORGANIZATION founded by tech giants Google and IBM is working with a company that is helping China's authoritarian government conduct mass surveillance against its citizens, The Intercept can reveal.
The OpenPower Foundation — a nonprofit led by Google and IBM executives with the aim of trying to "drive innovation" — has set up a collaboration between IBM, Chinese company Semptian, and U.S. chip manufacturer Xilinx. Together, they have worked to advance a breed of microprocessors that enable computers to analyze vast amounts of data more efficiently.
Shenzhen-based Semptian is using the devices to enhance the capabilities of internet surveillance and censorship technology it provides to human rights-abusing security agencies in China, according to sources and documents. A company employee said that its technology is being used to covertly monitor the internet activity of 200 million people.
[...] After receiving tips from confidential sources about Semptian's role in mass surveillance, a reporter contacted the company using an assumed name and posing as a potential customer. In response, a Semptian employee sent documents showing that the company — under the guise of iNext — has developed a mass surveillance system named Aegis, which it says can "store and analyze unlimited data."
Aegis can provide "a full view to the virtual world," the company claims in the documents, allowing government spies to see "the connections of everyone," including "location information for everyone in the country."
The system can also "block certain information [on the] internet from being visited," censoring content that the government does not want citizens to see, the documents show.
[The Semptian video demonstration showing how the Aegis system tracks people's movements is embedded in the article]
[Related Cloud Platform by IBM - China]: SuperVessel
Submitted via IRC for Fnord666
Billions of license plate scans are part of a private surveillance database
The US government might have reconsidered its plans for license plate recognition, but companies haven't -- and they've raised serious privacy concerns in the process. Motherboard has posted an exposé detailing the Digital Recognition Network, a privately run database that collects legions of plate recognition scans (roughly 9 billion to date) from repo drivers with camera-equipped cars. The system automatically captures both the plates and locations of every car they drive by, making it possible to track the movement of car owners across the US over months or even years. Anyone with access could find out where you live, work and socialize.
[...] As you might have already suspected, this automatic data gathering creates many issues. For one, most of the vehicles in the database are of completely innocent people who have no way of knowing if they're even included in the data set. And while a spokesperson for DRN said the company "takes data security seriously" and doesn't allow access without its approval, there have been instances where unauthorized people have obtained that access. It's feasible that users (approved and otherwise) could exploit this for stalking or gaining the upper hand in court without revealing sources.
Law enforcement can also use the system, and DRN's sibling brand Vigilant Solutions sells the tech to government agencies. That raises the potential of rogue officers using the plate tracking to intimidate protesters or witnesses of police abuses.
Submitted via IRC for Bytram
EFF warns of 'one-way mirror' of web surveillance by tech giants - led by Google
As the sacred shopping season gets underway, the Electronic Frontier Foundation has issued a report detailing the privacy cost of surveillance-based commerce.
Issued on the Monday after the US observance of Thanksgiving, a day so known for online shopping that marketers branded the event with its own commerce-promoting moniker, "Behind the One-Way Mirror" explores the technology of corporate data gathering, specifically third-party tracking. That's when websites and applications include code that enables entities other than the website or app publisher to gather data about those interacting with the software.
"The purpose of this paper is to demystify tracking by focusing on the fundamentals of how and why it works and explain the scope of the problem," said Bennett Cyphers, EFF staff technologist and report author, in a statement.
"We hope the report will educate and mobilize journalists, policy makers, and concerned consumers to find ways to disrupt the status quo and better protect our privacy."
The problem, as the EFF sees it, is such data tends to be collected surreptitiously, without meaningful consent.
"Most third-party data collection in the US is unregulated," said Cyphers. "The first step in fixing the problem is to shine a light, as this report does, on the invasive third-party tracking that, online and offline, has lurked for too long in the shadows."
[...] Asked why the EFF is revisiting this topic now after years of minimal progress, Cyphers in an email said, "Never before has so much tracking power been concentrated in the hands of so few companies. GAFT [Google, Amazon, Facebook, and Twitter] have more data from more places that they can tie to single identities."
Cyphers is hopeful that government officials around the world may be ready, finally, to support substantive privacy rules.
"There is real momentum behind privacy legislation, both in the US and abroad, and we want to make sure lawmakers know what and how to regulate," he said.
"The tracking industry is huge and convoluted, and you can easily make rules that don't reflect the way things really work, or that play right into the hands of the biggest actors. We're trying to say, 'This problem is big, and complicated, and subtle, but it's not intractable.' We really don't want to waste the opportunity to score meaningful wins for privacy."
France is using AI to check whether people are wearing masks on public transport:
France is integrating new AI tools into security cameras in the Paris metro system to check whether passengers are wearing face masks.
The software, which has already been deployed elsewhere in the country, began a three-month trial in the central Chatelet-Les Halles station of Paris this week, reports Bloomberg. French startup DatakaLab, which created the program, says the goal is not to identify or punish individuals who don’t wear masks, but to generate anonymous statistical data that will help authorities anticipate future outbreaks of COVID-19.
“We are just measuring this one objective,” DatakaLab CEO Xavier Fischer told The Verge. “The goal is just to publish statistics of how many people are wearing masks every day.”
The pilot is one of a number of measures cities around the world are introducing as they begin to ease lockdown measures and allow people to return to work. Although France, like the US, initially discouraged citizens from wearing masks, the country has now made them mandatory on public transport. It’s even considering introducing fines of €135 ($145) for anyone found not wearing a mask on the subway, trains, buses, or taxis.
Microsoft Revamps 'Invasive' M365 Feature After Privacy Backlash:
Microsoft has announced what it calls a more privacy-friendly version of its Productivity Score enterprise feature, following backlash from security experts who condemned it as a "full-fledged workplace surveillance tool."
The Productivity Score feature, which was launched as part of the Microsoft 365 productivity suite on Oct. 29, aimed to provide enterprises with data about how employees were utilizing technology. The idea behind the feature is to provide employees with a "score" based on metrics collected from their usage of Microsoft 365 products. For instance, an employee who uses Microsoft Teams, Outlook or Skype more might have a higher score.
However, following privacy concerns about the feature, the tech giant announced on Tuesday several changes to Productivity Score. "At Microsoft, we believe that data-driven insights are crucial to empowering people and organizations to achieve more," Jared Spataro, corporate vice president for Microsoft 365, said in a blog post Tuesday. "We also believe that privacy is a human right, and we're deeply committed to the privacy of every person who uses our products."
'Tis but a snippet; I recommend reading the whole article.
One afternoon in the fall of 2019, in a grand old office building near the Arc de Triomphe, I was buzzed through an unmarked door into a showroom for the future of surveillance. The space on the other side was dark and sleek, with a look somewhere between an Apple Store and a doomsday bunker. Along one wall, a grid of electronic devices glinted in the moody downlighting—automated license plate readers, Wi-Fi-enabled locks, boxy data processing units. I was here to meet Giovanni Gaccione, who runs the public safety division of a security technology company called Genetec. Headquartered in Montreal, the firm operates four of these "Experience Centers" around the world, where it peddles intelligence products to government officials. Genetec's main sell here was software, and Gaccione had agreed to show me how it worked.
He led me first to a large monitor running a demo version of Citigraf, his division's flagship product. The screen displayed a map of the East Side of Chicago. Around the edges were thumbnail-size video streams from neighborhood CCTV cameras. In one feed, a woman appeared to be unloading luggage from a car to the sidewalk. An alert popped up above her head: "ILLEGAL PARKING." The map itself was scattered with color-coded icons—a house on fire, a gun, a pair of wrestling stick figures—each of which, Gaccione explained, corresponded to an unfolding emergency. He selected the stick figures, which denoted an assault, and a readout appeared onscreen with a few scant details drawn from the 911 dispatch center. At the bottom was a button marked "INVESTIGATE," just begging to be clicked.
Citigraf was conceived in 2016, when the Chicago Police Department hired Genetec to solve a surveillance conundrum. Like other large law enforcement organizations around the country, the department had built up such an impressive arsenal of technologies for keeping tabs on citizens that it had reached the point of surveillance overload. To get a clear picture of an emergency in progress, officers often had to bushwhack through dozens of byzantine databases and feeds from far-flung sensors, including gunshot detectors, license plate readers, and public and private security cameras. This process of braiding together strands of information—"multi-intelligence fusion" is the technical term—was becoming too difficult. As one Chicago official put it, echoing a well-worn aphorism in surveillance circles, the city was "data-rich but information-poor." What investigators needed was a tool that could cut a clean line through the labyrinth. What they needed was automated fusion.
Andy Wang, an IT engineer at a Shanghai-based gaming company, occasionally felt a pang of guilt about his job.
Most of his hours were spent on a piece of surveillance software called DiSanZhiYan, or "Third Eye." The system was installed on the laptop of every colleague at his company to track their screens in real time, recording their chats, their browsing activity and every document edit they made.
Working from their floor in a downtown high-rise, the startup's hundreds of employees were constantly, uncomfortably aware of being under Third Eye's intent gaze.
The software would also automatically flag "suspicious behavior" such as visiting job-search sites or video streaming platforms. "Efficiency" reports would be generated weekly, summarizing their time spent by website and application.
"Bosses would check the reports regularly," Wang said. Farther down the line, that could skew workers' prospects for promotions and pay rises. They could also be used as evidence when the company looked to fire certain people, he added.
Even Wang himself was not exempt. High-definition surveillance cameras were installed around the floor, including in his office, and a receptionist would check the footage every day to monitor how long each employee spent on their lunch break, he said.
Big Tech call center workers face pressure to accept home surveillance:
Colombia-based call center workers who provide outsourced customer service to some of the nation’s largest companies are being pressured to sign a contract that lets their employer install cameras in their homes to monitor work performance, an NBC News investigation has found.
Six workers based in Colombia for Teleperformance, one of the world’s largest call center companies, which counts Apple, Amazon and Uber among its clients, said that they are concerned about the new contract, first issued in March. The contract allows monitoring by AI-powered cameras in workers’ homes, voice analytics and storage of data collected from the worker’s family members, including minors. Teleperformance employs more than 380,000 workers globally, including 39,000 workers in Colombia.
“The contract allows constant monitoring of what we are doing, but also our family,” said a Bogota-based worker on the Apple account who was not authorized to speak to the news media. “I think it’s really bad. We don’t work in an office. I work in my bedroom. I don’t want to have a camera in my bedroom.”
The worker said that she signed the contract, a copy of which NBC News has reviewed, because she feared losing her job. She said that she was told by her supervisor that she would be moved off the Apple account if she refused to sign the document. She said the additional surveillance technology has not yet been installed.
Employees are facing more online surveillance than ever:
The rate of employee surveillance is getting out of hand after rising during the pandemic, the [UK] Trades Union Congress (TUC) has warned.
The organization has published a report in which it claims almost two-thirds (60%) of employees reported being under some form of technological surveillance and monitoring, up from 53% last year.
Furthermore, three in ten survey respondents said surveillance increased during the Covid-19 pandemic.
[...] It's usually the "gig economy" (freelancers, contractors, and other online collaborators) where businesses are expected to use AI-powered surveillance, but TUC's data is showing that some 70% of workers experienced surveillance in industries such as financial services, retail, and utilities.
Are workers really as productive at home or are they just performing 'productivity theater'?:
A new survey by Microsoft has found that 87% of workers feel they're just as efficient at home as in the office, but the vast majority of bosses disagree.
Some 85% of business leaders suspect their workers are shirking at home while only 12% of them have "full confidence" their employees are being productive, according to the results of Microsoft's survey of 20,000 people in 11 countries.
[...] Microsoft CEO Satya Nadella told BBC this week: "We have to get past what we describe as 'productivity paranoia', because all of the data we have that shows that 80% plus of the individual people feel they're very productive – except their management thinks that they're not productive. That means there is a real disconnect in terms of the expectations and what they feel."
Microsoft depicts productivity paranoia as a vicious circle. Businesses using employee-tracking technology undermine employee trust, which in turn can lead to "productivity theater", where workers knowingly join pointless video meetings and respond to emails at times that look good.
A study by GitLab found remote workers on average spend 67 minutes on feigning productivity each day.
[...] Microsoft's take on productivity paranoia is "where leaders fear that lost productivity is due to employees not working, even though hours worked, number of meetings, and other activity metrics have increased."
[...] A recent survey by hiring platform Hired found 57.1% of tech employees are planning on looking for a new job in the next six months. Even more would leave if a pay rise was knocked back. This year, 61.7% of tech workers were employed in 'remote-first' firms. Over half the respondents said they'd immediately start looking for new work if their employer demanded a return to the office.
Dutch Court Rules that Being Forced to Keep a Webcam on While Working is Illegal
A US company was fined $50,000 and ordered to pay the employee's wages and vacation days:
A court in the Netherlands has ruled that a US company violated a Dutch worker's human rights by forcing him to keep his webcam on during work hours, TechCrunch has reported. Hired by Florida telemarketing firm Chetu, the employee was terminated for refusing to be monitored "for nine hours per day" by a program that streamed his webcam and shared his screens.
[...] As Florida is an at-will state, employees can be fired for any reason as long as it's not illegal. In the Netherlands and other EU countries, however, you must have a valid motive for firing someone (refusal to perform work, culpable conduct, etc.) — otherwise, the employee has grounds to dispute it.
Dutch Court: Employees Safe from Bosses' Video Surveillance
Chetu ordered to pay restitution for employee's unlawful termination:
A telephone sales rep in the Netherlands has won an unfair dismissal court case against his former employer, US software company Chetu, after he was fired for refusing to spend his work day surveilled by his computer camera.
In August of 2022, the employee was required to log on during an entire workday while sharing his screen and being monitored by camera and attending an online training program.
"I don't feel comfortable being monitored for nine hours a day by a camera," the un-named defendant is recorded as saying in a court filing. "This is an invasion of my privacy and makes me feel really uncomfortable. That is the reason why my camera is not on. You can already monitor all activities on my laptop and I am sharing my screen," the employee added.
[...] Chetu eventually received the following notification:
Hi [name of applicant], Your employment is hereby terminated. Reason: Refusal to work; Insubordination.
In October, the university quietly introduced heat sensors under desks without notifying students or seeking their consent:
Surveillance has been creeping unabated across schools, universities, and much of daily life over the past few years, accelerated by the COVID-19 pandemic. Back in October, however, graduate students at Northeastern University were able to organize and beat back an attempt at introducing invasive surveillance devices that were quietly placed under desks at their school.
Early in October, Senior Vice Provost David Luzzi installed motion sensors under all the desks at the school's Interdisciplinary Science & Engineering Complex (ISEC), a facility used by graduate students and home to the "Cybersecurity and Privacy Institute" which studies surveillance. These sensors were installed at night—without student knowledge or consent—and when pressed for an explanation, students were told this was part of a study on "desk usage," according to a blog post by Max von Hippel, a Privacy Institute PhD candidate who wrote about the situation for the Tech Workers Coalition's newsletter.
[...] Von Hippel told Motherboard, however, that desk usage can already be tracked because desks are assigned and badges are required to enter the rooms. Instead, he believes the sensors were a rationale for the administration—which owns the building—to push out computer science students who don't use the building as much as others might.
In response, students began to raise concerns about the sensors, and an email was sent out by Luzzi attempting to address issues raised by students.
[...] At this first listening session, Luzzi asked that grad student attendees "trust the university since you trust them to give you a degree." Luzzi also maintained that "we are not doing any science here" as another defense of the decision to not seek IRB approval.
Once praised for its generous social safety net, the country now collects troves of data on welfare claimants:
Denmark's Public Benefits Administration employs hundreds of people who oversee one of the world's most well-funded welfare states. The country spends 26 percent of its GDP on benefits—more than Sweden, the United States, and the United Kingdom. It's been hailed as a leading example of how governments can support their most vulnerable citizens. Bernie Sanders, the US senator, called the Nordic nation of 6 million people a model for how countries should approach welfare.
But over the past decade, the scale of Denmark's benefits spending has come under intense scrutiny, and the perceived scourge of welfare fraud is now at the top of the country's political agenda. Armed with questionable data on the amount of benefits fraud taking place, conservative politicians have turned Denmark's famed safety net into a polarizing political battleground.
It has become an article of faith among the country's right-wing politicians that Denmark is losing hundreds of millions of euros to benefits fraud each year. In 2011, KMD, one of Denmark's largest IT companies, estimated that up to 5 percent of all welfare payments in the country were fraudulent. KMD's estimates would make the Nordic nation an outlier, and its findings have been criticized by some academics. In France, it's estimated that fraud amounts to 0.39 percent of all benefits paid. A similar estimate made in the Netherlands in 2016 by broadcaster RTL found the average amount of fraud per benefit payment was €17 ($18), or just 0.2 percent of total benefits payments.
The perception of widespread welfare fraud has empowered Jacobsen to establish one of the most sophisticated and far-reaching fraud detection systems in the world. She has tripled the number of state databases her agency can access from three to nine, compiling information on people's taxes, homes, cars, relationships, employers, travel, and citizenship. Her agency has developed an array of machine learning models to analyze this data and predict who may be cheating the system.
Documents obtained by Lighthouse Reports and WIRED through freedom-of-information requests show how Denmark is building algorithms to profile benefits recipients based on everything from their nationality to whom they may be sleeping next to at night. They reveal a system where technology and political agendas have become entwined, with potentially dangerous consequences.
FISA Oversight Board Member Says Americans Need More Privacy Protections As Congress Debates Section 702 Reauthorization:
One of the NSA's most powerful spying tools is up for renewal at the end of the year. The problem with this power isn't necessarily the NSA. I mean, the NSA has its problems, but the issue here is the domestic surveillance performed by the FBI via this executive power — something it shouldn't be doing but has almost always done.
The FBI is currently catching a lot of heat for its "backdoor" access to US persons' data and communications, something it has shown little interest in controlling or tracking. Abuse is a regular occurrence and this abuse finally received some high profile attention after Congressional Republicans got bent out of shape because some of their own people ended up under the FBI's backdoor Section 702 microscope.
[...] Section 702 allows the NSA to perform "upstream" collections of data and communications. It's foreign-facing but it also collects any communications between foreign targets and US persons. That's where the FBI steps in. It's only supposed to be able to access minimized data and communications, but these restrictions are often ignored by the agency.
[...] Specifically, the program needs constraints on the FBI's access and use of the data collected by the NSA. For years, the FBI has abused its access to perform backdoor searches of Americans' data. And for years, it has been unable to explain why it can't stop violating minimization procedures and what, if anything, this unexpected, "incidental" treasure trove contributes to its law enforcement work.
Inside the bitter campus privacy battle over smart building sensors:
"The initial step was to ... see how these things behave," says Herbsleb, comparing the Mites sensors to motion detectors that people might want to test out. "It's purely just, 'How well does it work as a motion detector?' And, you know, nobody's asked to consent. It's just trying out a piece of hardware."
Of course, the system's advanced capabilities meant that Mites were not just motion detectors—and other department members saw things differently. "It's a lot to ask of people to have a sensor with a microphone that is running in their office," says Jonathan Aldrich, a computer science professor, even if "I trust my coworkers as a general principle and I believe they deserve that trust." He adds, "Trusting someone to be a good colleague is not the same as giving them a key to your office or having them install something in your office that can record private things." Allowing someone else to control a microphone in your office, he says, is "very much like giving someone else a key."
As the debate built over the next year, it pitted students against their advisors and academic heroes as well—although many objected in private, fearing the consequences of speaking out against a well-funded, university-backed project.
In the video recording of the town hall obtained by MIT Technology Review, attendees asked how researchers planned to notify building occupants and visitors about data collection. Jessica Colnago, then a PhD student, was concerned about how the Mites' mere presence would affect studies she was conducting on privacy. "As a privacy researcher, I would feel morally obligated to tell my participant about the technology in the room," she said in the meeting. While "we are all colleagues here" and "trust each other," she added, "outside participants might not."
The UK government is quietly expanding and developing a controversial surveillance technology that could be capable of logging and storing the web histories of millions of people:
Official reports and spending documents show that in the past year, UK police have deemed the testing of a system that can collect people's "internet connection records" a success, and have started work to potentially introduce the system nationally. If implemented, it could hand law enforcement a powerful surveillance tool.
Critics say the system is highly intrusive, and that officials have a history of not properly protecting people's data. Much of the technology and its operation is shrouded in secrecy, with bodies refusing to answer questions about the systems.
At the end of 2016, the UK government passed the Investigatory Powers Act, which introduced sweeping reforms to the country's surveillance and hacking powers. The law added rules around what law enforcement and intelligence agencies can do and access, but it was widely criticized for its impact on people's privacy, earning it the name the "Snooper's Charter."
Particularly controversial was the creation of so-called internet connection records (ICRs). Under the law, internet providers and phone companies can be ordered—with a senior judge approving the decision—to store people's browsing histories for 12 months.
[...] Little is known about the development and use of ICRs. When the Investigatory Powers Act was passed, internet companies said it would take them years to build the systems needed to collect and store ICRs. However, some of those pieces may now be falling into place. In February, the Home Office, a government department that oversees security and policing in the UK, published a mandatory review of the operation of the Investigatory Powers Act so far.
The review says the UK's National Crime Agency (NCA) has tested the "operational, functional, and technical aspects" of ICRs and found a "significant operational benefit" of collecting the records. A small trial that "focused" on websites that provided illegal images of children found 120 people who had been accessing these websites. It found that "only four" of these people had been known to law enforcement based on an "intelligence check."
Arthur T Knackerbracket has processed the following story:
IBM has returned to the facial recognition market — just three years after announcing it was abandoning work on the technology due to concerns about racial profiling, mass surveillance, and other human rights violations.
In June 2020, as Black Lives Matter protests swept the US after George Floyd’s murder, IBM chief executive Arvind Krishna wrote a letter to Congress announcing that the company would no longer offer “general purpose” facial recognition technology. “The fight against racism is as urgent as ever,” he wrote. “IBM firmly opposes and will not condone uses of any technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency.” Later that year, the company redoubled its commitment, calling for US export controls to address concerns that facial recognition could be used overseas “to suppress dissent, to infringe on the rights of minorities, or to erase basic expectations of privacy.”
Despite these announcements, last month, IBM signed a $69.8 million (£54.7 million) contract with the British government to develop a national biometrics platform that will offer a facial recognition function to immigration and law enforcement officials, according to documents reviewed by The Verge and Liberty Investigates, an investigative journalism unit in the UK.
A new report reveals that the world's largest publisher may be selling readers' intimate personal data to the highest bidder:
Three in ten Americans read digital books. Whether they're accessing online textbooks or checking out the latest bestselling e-book from the public library, the majority of these readers are subject to both the greed of Big Publishing and the priorities of Big Tech. In fact, Amazon's Kindle held 72% of the e-reader market in 2022. And if there's one thing we know about Big Tech companies like Amazon, their real product isn't the book. It's the user data.
Major publishers are giving Big Tech free rein to watch what you read and where, including books on sensitive topics, like if you check out a book on self care after an abortion. Worse, tech and publishing corporations are gobbling up data beyond your reading habits—today, there are no federal laws to stop them from surveilling people who read digital books across the entire internet.
Reader surveillance is a deeply intersectional threat, according to a congressional letter issued last week from a coalition of groups whose interests span civil rights, anti-surveillance, anti-book ban, racial justice, reproductive justice, LGBTQ+, immigrant, and antimonopoly. Our letter calls on federal lawmakers to investigate the harms of tech and publishing corporations' powerful hold over digital book access.
[...] In the age of artificial intelligence, the ability to analyze unfathomably detailed data on individual people, create reports and inferences about those people, and use the whole lot of it to train AI models is constantly improving. The incentives to exploit the data of readers are the strongest they have ever been.
Big Publishing is clearly seeing nothing but dollar signs as apps like Hoopla gobble up identity-linked data on readers—and so it would be natural to put our hope in public libraries, which view patron privacy as a fundamental right essential to a functioning democracy. In the human rights community, libraries' resistance against government surveillance under the Patriot Act is legendary.
Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules:
On the internet, everyone wants to know who you are. Websites are constantly asking for your email address or trying to place tracking cookies on your devices. A murky slurry of advertisers and tech firms track which websites you visit, predicting what your interests are and what you may want to buy. Search engines, browsers, and apps can log each search or scroll you make.
At this stage of the internet, being totally anonymous across your entire online life is incredibly hard to achieve. Phones, SIM cards, browsers, Wi-Fi networks, and more use identifiers that can be linked to your activity. But there are steps you can take to obscure your identity for everyday browsing.
If you're looking to be truly anonymous or to protect your identity for a specific purpose—such as whistleblowing or activism—you should consider your threat model and individual security situation. But many of the changes you can make, which are listed below, are straightforward switches that can stop you from being tracked as much and apply to most people.
Below is a sampling of suggestions from the article, so click through to see the rest. What ways do you limit your digital fingerprint and where is your line between convenience and privacy?
Do you ever think about the digital footprint you leave when you are browsing the web, shopping online, commenting on social networks or going by a facial recognition camera? State surveillance of citizens is growing all over the world, but it is a fact of everyday life in China, where it has deep historical roots.
In China, almost nothing is paid for in cash anymore. Super apps make life easy: people use Alipay or WeChat Pay to pay for subway or bus tickets, rent a bike, hail a taxi, shop online, book trains and shows, split the bill at restaurants and even pay their taxes and utility bills.
The Chinese also use these platforms to check the news, entertain themselves and exchange countless text, audio and video messages, both personal and professional. Everything is linked to the user's mobile phone number, which is itself registered under their identity. The government may access the data collected by Baidu, Alibaba, Tencent, Xiaomi and other operators.
How do Chinese citizens experience this constant surveillance? In my book Living with Digital Surveillance in China: Citizens' Narratives on Technology, Privacy and Governance, I present research I conducted in China in 2019. Specifically, the book is based on 58 semi-structured in-depth interviews with Chinese participants recruited through colleagues at three universities in Beijing, Shanghai and Chengdu.
[...] So, what about us? We, in Western liberal democracies, are also exposed to digital surveillance. And our surveillance ideas are also shaped by our own socio-political, cultural, and economic contexts, with significant variations across different Western societies. My work suggests that some of our own privacy and surveillance narratives are quite close to the Chinese ones, while others clearly differ.
What about you? How do you see your own relationship to digital surveillance?
[Source]: The Conversation
[Also Covered By]: Fast Company
Using stalkerware is creepy, unethical, potentially illegal, and puts your data and that of your loved ones in danger:
Last week, an unknown hacker broke into the servers of the U.S.-based stalkerware maker pcTattletale. The hacker then stole and leaked the company's internal data. They also defaced pcTattletale's official website with the goal of embarrassing the company.
"This took a total of 15 minutes from reading the techcrunch article," the hackers wrote in the defacement, referring to a recent TechCrunch article where we reported that pcTattletale was used to monitor several front desk check-in computers at Wyndham hotels across the United States.
As a result of this hack, leak and shame operation, pcTattletale founder Bryan Fleming said he was shutting down his company.
Consumer spyware apps like pcTattletale are commonly referred to as stalkerware because jealous spouses and partners use them to surreptitiously monitor and surveil their loved ones. These companies often explicitly market their products as solutions to catch cheating partners by encouraging illegal and unethical behavior. And there have been multiple court cases, journalistic investigations, and surveys of domestic abuse shelters that show that online stalking and monitoring can lead to cases of real-world harm and violence.
And that's why hackers have repeatedly targeted some of these companies.
According to TechCrunch's tally, with this latest hack, pcTattletale has become the 20th stalkerware company since 2017 that is known to have been hacked or leaked customer and victims' data online. That's not a typo: Twenty stalkerware companies have either been hacked or had a significant data exposure in recent years. And three stalkerware companies were hacked multiple times.
[...] But a company closing doesn't mean it's gone forever. As with Spyhide and SpyFone, some of the same owners and developers behind a shuttered stalkerware maker simply rebranded.
Dan Goodin over at Ars Technica is reporting on a company called Babel Street and its Location X program.
From the article:
You likely have never heard of Babel Street or Location X, but chances are good that they know a lot about you and anyone else you know who keeps a phone nearby around the clock.
Reston, Virginia-located Babel Street is the little-known firm behind Location X, a service with the capability to track the locations of hundreds of millions of phone users over sustained periods of time. Ostensibly, Babel Street limits the use of the service to personnel and contractors of US government law enforcement agencies, including state entities. Despite the restriction, an individual working on behalf of a company that helps people remove their personal information from consumer data broker databases recently was able to obtain a two-week free trial by (truthfully) telling Babel Street he was considering performing contracting work for a government agency in the future.
Tracking locations at scale
KrebsOnSecurity, one of five news outlets that obtained access to the data produced during the trial, said that one capability of Location X is the ability to draw a line between two states or other locations—or a shape around a building, street block, or entire city—and see a historical record of Internet-connected devices that traversed those boundaries.
[...]
404 Media, another outlet given access to the data, reported that the trove allowed a reporter to zoom in on the parking lot of an abortion clinic in Florida and observe more than 700 red dots, each representing a phone that had recently visited the clinic. Location X then allowed the reporter to trace the movements of one specific device.
That device—and by extension, the person carrying it—began the journey in mid-June from a residence in Alabama. The person passed by a Lowe's Home Improvement store, drove on a highway, visited a church, crossed into Florida, and finally stopped at the clinic where the phone indicates the person stayed for two hours before leaving and returning to Alabama. The data tracked the phone as having visited the clinic only once.
The technology making this vast data collection possible is, of course, tracking mechanisms built into Android and iOS and the apps that run on those operating systems. By default, Android assigns a unique ad ID to each device and makes it available to any app that has location permissions. iOS, by contrast, keeps its "Identifier for Advertisers" tracker private, but gives each installed app the opportunity to request access to it.
Some apps are given permission to access a phone's location and then sell the device's location to consumer data brokers. The data can also be made available through the web ad ecosystem. While an ad-supported page loads, the advertising network holds an auction in real time to sell a personalized ad to the highest bidder. A key piece of information bidders use to set a price is—you guessed it—the location of the device running the browser. Advertisers generate additional revenue by selling that history to the likes of Location X provider Babel Street.
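The bid-request exposure described above, seen from the publisher's side, as an added example that is not part of the Ars Technica article: it lists which fields in an auction request tie a precise position to one device, then strips or coarsens them before the request leaves. It assumes the IAB OpenRTB 2.x field names (`device.ifa`, `device.ip`, `device.geo`), which the article does not name; the function names are hypothetical and all sample values are constructed.

```python
import copy
import ipaddress

# Constructed sample: the device object of an OpenRTB 2.x-style bid request.
SAMPLE_BID_REQUEST = {
    "id": "constructed-request-1",
    "device": {
        "ifa": "00000000-aaaa-bbbb-cccc-000000000001",  # advertising ID (made up)
        "ip": "203.0.113.57",                            # RFC 5737 documentation range
        "geo": {"lat": 30.123456, "lon": -85.654321, "accuracy": 12},
    },
}


def truncate_ip(ip):
    """Zero the host bits: /24 for IPv4, /48 for IPv6."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def tracking_fields(req, decimals=1):
    """List the fields that tie a precise position to one persistent device."""
    dev = req.get("device", {})
    geo = dev.get("geo", {})
    found = []
    if dev.get("ifa"):
        found.append("device.ifa")
    if dev.get("ip") and truncate_ip(dev["ip"]) != dev["ip"]:
        found.append("device.ip")
    if any(k in geo and round(geo[k], decimals) != geo[k] for k in ("lat", "lon")):
        found.append("device.geo")
    return found


def minimize(req, decimals=1):
    """Return a copy with the ad ID dropped and IP/location coarsened.

    0.1 degree of latitude is roughly 11 km.
    """
    out = copy.deepcopy(req)
    dev = out.get("device", {})
    dev.pop("ifa", None)
    if "ip" in dev:
        dev["ip"] = truncate_ip(dev["ip"])
    geo = dev.get("geo", {})
    for k in ("lat", "lon"):
        if k in geo:
            geo[k] = round(geo[k], decimals)
    geo.pop("accuracy", None)
    return out
```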
Tracking Indoor Location, Movement and Desk Occupancy in the Workplace: A case study on technologies for behavioral monitoring and profiling using motion sensors and wireless networking infrastructure inside offices and other facilities
As offices, buildings and other corporate facilities become networked environments, there is a growing desire among employers to exploit data gathered from their existing digital infrastructure or additional sensors for various purposes. Whether intentionally or as a byproduct, this includes personal data about employees, their movements and behaviors.
Technology vendors are promoting solutions that repurpose an organization's wireless networking infrastructure as a means to monitor and analyze the indoor movements of employees and others within buildings. While GPS technology is too imprecise to track indoor location, Wi-Fi access points that provide internet connectivity for laptops, smartphones, tablets and other networked devices can be used to track the location of these devices. Bluetooth, another wireless technology, can also be used to monitor indoor location. This can involve Wi-Fi access points that track Bluetooth-enabled devices, so-called "beacons" that are installed throughout buildings and Bluetooth-enabled badges carried by employees. In addition, employers can utilize badging systems, security cameras and video conferencing technology installed in meeting rooms for behavioral monitoring, or even environmental sensors that record room temperature, humidity and light intensity. Several technology vendors provide systems that use motion sensors installed under desks or in the ceilings of rooms to track room and desk attendance.
[Source]: Cracked Labs
[Case Study]: https://crackedlabs.org/dl/CrackedLabs_Christl_IndoorTracking.pdf [PDF]
[Also Covered By]: The Register
Arthur T Knackerbracket has processed the following story:
It has been nearly a decade since famed cryptographer and privacy expert Bruce Schneier released the book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World - an examination of how government agencies and tech giants exploit personal data. Today, his predictions feel eerily accurate.
At stake, he argued then, was a possibly irreversible loss of privacy, and the archiving of everything. As he wrote, science fiction author Charlie Stross described the situation as the "end of prehistory," in that every facet of our lives would be on a computer somewhere and available to anyone who knew how to find them.
Since the book was published, we've seen data harvesting continue, particularly for training AI models. The battle to keep even the most basic facts about us private seems all but lost.
We sat down with Bruce Schneier for an update on his work, and what we can expect in the future.
The Register: Data and Goliath came out nearly two years after Snowden's leaks and just months before Congress finally made a few moves on the surveillance issue with the USA Freedom Act. Ten years on, how do you feel things have changed, if at all?
At the same time, the information environment has gotten worse. More of our data is in the cloud, where companies have easier access to it. We have more Internet-of-Things devices around ourselves, which keep us under constant surveillance. And every one of us carries an incredibly sophisticated surveillance device around with us wherever we go: our smartphones. Everywhere you turn, privacy is losing.
[...]
The Register: If the mass privatization of the government that's looking likely happens, what are the implications of all that data being leased out to the private sector?
And by security, I mean two things. Obviously, there's the possibility that the data will be stolen and used by foreign governments and corporations. And there is the high probability that it will end up in the hands of data brokers, and then bought and sold and combined with other data.
Surveillance in the US is largely a corporate business; this will just make it worse.