CCTV + Lip-Reading Software = Even Less Privacy, Even More Surveillance
Furnished content.
Techdirt has written a number of stories about facial recognition software being paired with CCTV cameras in public and private places. As the hardware gets cheaper and more powerful, and the algorithms underlying recognition become more reliable, it's likely that the technology will be deployed even more routinely. But if you think loss of public anonymity is the end of your troubles, you might like to think again:Lip-reading CCTV software could soon be used to capture unsuspecting customer's private conversations about products and services as they browse in high street stores.Security experts say the technology will offer companies the chance to collect more "honest" market research but privacy campaigners have described the proposals as "creepy" and "completely irresponsible". That story from the Sunday Herald in Scotland focuses on the commercial "opportunities" this technology offers. It's easy to imagine the future scenarios as shop assistants are primed to descend upon people who speak favorably about goods on sale, or who express a wish for something that is not immediately visible to them. But even more troubling are the non-commercial uses, for example when applied to CCTV feeds supposedly for "security" purposes.How companies and law enforcement use CCTV+lip-reading software will presumably be subject to legislation, either existing or introduced specially. But given the lax standards for digital surveillance, and the apparent presumption by many state agencies that they can listen to anything they are able to grab, it would be naïve to think they won't deploy this technology as much as they can. In fact, they probably already have.Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 29-Aug-2017
path: /Policy | permalink | edit (requires password)
IOT Devices Provide Comcast A Wonderful New Opportunity To Spy On You
Furnished content.
For some time now we've noted how poorly secured IOT devices provide a myriad of opportunities for hackers looking for new attack vectors into homes and businesses. That's of course when these devices aren't just coughing up your personal data voluntarily. Whether it's your smart fridge leaking your Gmail credentials or your internet-connected TV transmitting your personal conversations over the internet unencrypted, we've noted time and time again how IOT manufacturers consistently make privacy and security an afterthought -- one that's going to ultimately cost us more than some minor inconvenience.But in addition to the internet of broken things being a privacy and security dumpster fire, these devices are providing a wonderful new opportunity for larger ISPs looking to monetize the data you feed into their networks on a daily basis. A new study out of Princeton recently constructed a fake home, filled it with real IOT devices, and then monitored just how much additional data an ISP could collect on you based in these devices' network traffic. Their findings? It's relatively trivial for ISPs to build even deeper behavior profiles on you based on everything from your internet-connected baby monitor to your not so smart vibrator.We've long noted that while encryption and VPNs are wonderful tools for privacy, they're not some kind of panacea -- and the researchers found the same thing here:"...encryption doesn't stop ISPs from knowing which internet-of-things devices their users have, nor does it stop them seeing when we use those devices. In the Princeton study, ISPs could track a user's sleep patterns by detecting when a sleep tracker was connecting to the internet. It also revealed that ISPs could identify when a home security camera detected movement and when someone was watching a live stream from their security camera." Similar concerns have been raised (and promptly ignored in most areas) regarding information collected from smart energy meters by your power utility, since power usage can similarly provide all manner of monetizeable insight into your daily behavior. The researchers do note that more sophisticated users could use a VPN to confuse their ISP, but the full study indicates there will be some impact on network performance that could be a problem on slower connections:"The authors say there might be ways to cut down the snooping abilities of ISPs. One possible defence involves deliberately filling a network with small amounts of traffic. This could be done by running all your internet traffic through a VPN and then programming the VPN to record and play back that traffic even when the IOT device is not in use, making it tricky for ISPs to work out when a particular device is actually being used. However, this would probably slow down the network, making it a somewhat impractical defence against network observations." Aren't you glad Congress recently voted to kill consumer broadband privacy protections solely for the financial benefit of Comcast, AT&T, Verizon and Charter (Spectrum)? Those fairly basic rules required that ISPs be entirely transparent about what data they're collecting and who they're selling it to. The rules, proposed after Verizon was caught modifying user data packets to track online behavior (without telling anyone), also would have required customers opt in to more sensitive financial data collection. Without them, oversight of ISP data collection is sketchy at best, no matter what large ISPs and their friends claim.While the lack of ISP transparency as to what's being collected and sold is one problem, so too is the fact that most of these devices offer little to no insight or control over what kind of data and information they're transmitting. That leaves the onus entirely on the consumer to try and cobble together an imperfect array of technical solutions to minimize ISP snooping and protect themselves (often impossible for your average grandparent or Luddite), or to take the smarter path in the smart home era and resort to older, dumber technologies whenever and wherever possible.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 29-Aug-2017
path: /Policy | permalink | edit (requires password)
|
|