Happy new year everyone! I hope you all are feeling pumped up for 2021. I’m personally ready to wipe the slate clean and leave 2020 behind as a distant fading memory.
Since this week’s post on antitrust ran a bit long, I decided to do a little “breaking up” of my own. 😏 Below you’ll find some summary of the week’s events normally included in my posts.
Some quick news while I’ve got you. I’m excited to announce the creation of The State of Surveillance Discord Server! You all can use this space to contact me directly as well as chat amongst yourselves about all things surveillance. I’ll be dropping links to articles and documents I find interesting in real-time there, so I encourage you to sign up if you want more immediate news.
In addition to getting quicker access to stories, the Discord server also provides all of you all an opportunity to ask me questions, submit your links, and discuss the latest happenings in the surveillance world. I’ve also set up a channel called “Weekly Debate,” where I will pose a thorny question related to surveillance and open the forum for all of your takes. I’m really excited to see what you all have to say!
You can join the server for free at this link: https://discord.gg/MFR3Ebgac7
This Week’s Big News
🏫 1: New York Bans Facial Recognition in Schools 🏫
The moratorium, which includes other types of biometric surveillance in addition to facial recognition, will stay in place at least until July 1, 2022
With the passing of the bill, New York state is officially the first state to ban facial recognition in both public and private schools.
According to a New York state press release, the decision to stomp on the brakes draws mainly from worries of inaccuracies of the technology-centered around race and gender.
That’s not limited to schools. All across the county, cities and states have begun issues partial or total bans of facial recognition, in particular, following numerous studies showing the technologies inability to detect minority faces as well as white ones.
While there’s a mountain of research supporting these claims, this 2018 work by MIT researcher Joy Buolamwi did some of the heaviest lifting to change the conversation around facial recognition.
After issuing the moratorium, Governor Cuomo released a statement clarifying the need to hit pause on new facial recognition initiatives.
This legislation requires state education policymakers to take a step back, consult with experts and address privacy issues before determining whether any kind of biometric identifying technology can be brought into New York's schools.
The safety and security of our children is vital to every parent, and whether to use this technology is not a decision to be made lightly.
The official decision comes months after a lawsuit filed by the American Civil Liberties Union which focused on a proposed facial recognition system in the Lockport City School District.
Officials from the Lockport school district criticized the lawsuit, claiming facial recognition and other biometrics identifies would increase school safety.
Other proponents of the technology argue its proper use could help stem the tide of school shootings that have wreaked havoc through the US in recent years.
While the new bill slows things down for the time being, it’s only temporary.
The bill requires the New York state legislature to pass a bill in its next session to study facial recognition in schools.
📱2: Schools Are Buying Up Phone Hacking Tools Used by the FBI 📱
Documents uncovered by Gizmodo reveal how schools around the US are purchasing phone hacking equipment intended to crack students’ devices and view deleted messages.
The document specifically highlighted seven Texas school districts, including one in San Antonio, and one in the Houston suburbs.
Altogether, these districts include hundreds of schools and could implicate hundreds of thousands of students.
While the exact tools vary by school district, they all fall under the general category of mobile device forensic tools (MDFTs).
When plugged into a phone, these tools can extract apps, text messages, and photos. Some tools can even extract “deleted” data.
The San Antonio school district reportedly paid $6,695 in exchange for the tools.
The Houston area school district reportedly paid Oxygen Forensics Inc., $2,899.
According to a Vice investigation, the FBI has purchased over $2 million worth of Cellebrite equipment (the same company used in some of the schools mentioned above) since 2012.
Those transactions highlight the militaristic nature of surveillance tools and how they are rapidly being integrated into daily civilian life.
Gizmodo analyzed a random sample of public schools and school district websites in the US and found eight instances where websites explicitly mention either Cellebrite or other MDFT technology.
One of those districts was the Los Angeles Unified School District, which allegedly uses a Cellebrite device to investigate complaints of employee misconduct against students.
🇫🇷 3: France Bans Police Use of Drones During Protests 🇫🇷
If the French are known for anything, it’s their proclivity for passionate protest. That and wine of course.
From now on though, those protests will be lacking one notable sound—the low buzzing hum of a hovering drone. As of this week, French Police will no longer be allowed to fly drones over protestors.
The announcement came via the Council of State, the country’s top court, which urged Paris police to halt its use of drones, “without delay.”
While police and other proponents of the drones argue they can provide an element of security, activists fear they are really being used to track protestors.
The court added that there was, “serious doubt of the legality,” of the drones.
The measure marks the second strike against drones in France in several months.
Earlier this year, courts ruled against allowing police the ability to use drones to track commuters during quarantines brought on by the coronavirus pandemic.
Drones have been used to monitor protests around the globe for years, but their use saw a spike in Europe in 2020 due to the coronavirus pandemic.
Early on, when much of Europe was under strict lockdown, a video emerged of police using drones in Spain and Italy to advise residents to return to their homes, and in some cases, taking temperatures.
🔦 4: Dozens of Journalists Were Targeted by Surveillance Mercenaries 🔦
The Israeli surveillance for hire company, NSO Group, reportedly targeted a group of journalists with its controversial spyware, giving them near unlimited access to their phones.
Several governments used NSO Group’s Pegasus software to target the devices of at least 36 Al Jazeera journalists.
The journalists were hacked by four separate “operators,” including one based out of Saudia Arabia and another from The United Arab Emirates.
NSO Group is one of several prominent spyware companies that sell their services to authoritarian regimes across the world. Equipped with the spying software, these governments (including Mexico and Saudia Arabia) work with NSO Group to target individuals critical of the regime.
Evidence of the hack was detected by researchers at the University of Toronto's Citizen Lab. They released their findings last week.
Specifically, the researchers determined the malware used came via the form of an infected iMessage note sent to the journalists’ iPhones.
The phones were compromised using an exploit chain Citizen Lab has dubbed “KISMET.”
Once installed on someone’s phone, NSO Group’s malware can remotely turn on microphones, record audio of encrypted calls, use the phone’s camera to surreptitiously take photos, track the user’s location, and access passwords stored on the device.
The attacks on the 36 journalists occurred between July and August of this year but the researchers found additional evidence of the exploit being used as early as October 2019.
While the operators behind the attack hailed from the Middle East, servers used in the attacks hailed from Germany, France, the UK, and Italy.
News of the attack will undoubtedly draw renewed scrutiny to Apple, which in recent years has marketed itself as a company with a commitment to privacy and security.
The NSO Group exploits, and additional research investigating Apple’s security, muddy some of Apple’s most pronounced security claims.
The exploitability of iMessage in particular is of most concern.
If you own an iPhone, make sure to update as soon as possible.
Citizen Lab researchers determined that the KiSMET exploit does not work on phones equipped with iOS 14 and above.
While groups like NSO Group are unlikely to single you out if you're not a politician, journalist, or dissident, it’s always a good idea to update your phone regularly to protect yourself against lower-level hackers looking to make a quick buck.
Bill Marczak, John Scott-Railton, Noura Al-Jizawi, Siena Anstis, and Ron Deibert, The Citizen Lab
What I’m Reading
Subprime Attention Crisis, by Tim Hwang
If you’re a regular reader of this newsletter then you will know that it’s impossible to properly discuss digital surveillance without also talking about digital advertising. While the general public has come to understand many of the insidious details of hyper-accurate online ads, one larger foundational question often gets overlooked: are those ads actually effective for selling things?
That’s the starting point for Tim Hwang’s Subprime Attention Crisis. I’ve nearly finished the book and Hwang convincingly argues that the online ad market, which has come to dictate the way most free services operate on the internet, is clouded by smoke and mirrors, inaccurate data, and corporate deception.
Throughout the book, Hwang compares the shady nature of digital advertisement to another event not far removed: the 2008 housing crisis. Like then, Hwang argues marketing agencies and other companies dependent on digital ads are inflating prices and creating a bubble. Here’s a section of the text.
Marketing agencies and advertising technology companies play the role of the pre-crisis rating agencies and loan originators. The business practices of these entities juice the market in ways that assist the growth of a bubble
Continuing on with the comparison to the 2008 housing crisis, Hwang offers a foreboding prediction.
The result is that the market for digital advertising grows, divorced from the reality of how ads are actually functioning. Bubbles pop of course. And when they do, it’s loud.
If this type of thing is interesting to you, I encourage you to check it out!
Here’s What Else is New
⚖️ This man spent 10 days in jail after facial recognition led to his wrongful arrest
This marks the third official case of someone spending time in jail after a false identification.
City police tested out a program last year where it flew an aerial surveillance plane overhead in an effort to reduce crime.
🇵🇰 Pakistan demanding Google and Wikipedia remove “sacrilegious” online content
Some of the content in question involves depictions of the prophet Mohammed and “unauthentic” versions of the Quaran.
🎮 Some good news: new study finds no link between youth gaming and violent behavior
That’s it for now. As always, please feel free to reach out to me at thestateofsurveillance@gmail.com or Mack.degeurin@gmail.com
Peace everyone.