Microsoft, Yahoo, Google, Facebook, AOL, Verizon, and Apple might breathe a little easier today. Their denials of working with the NSA’s PRISM program to turn over huge quantities of customer data over to the secretive U.S. intelligence agency just got a little bit more credible today thanks to testimony from NSA Director General Keith Alexander.

“The U.S. government does not unilaterally obtain information from the servers of U.S. companies,” Alexander said. “Rather, the U.S. companies are compelled to provide these records by U.S. law using methods that are in strict compliance with that law.”

Unfortunately, Alexander also referred to the companies as “our industry partners.”

Alexander testified before the House Standing Committee on Intelligence today, saying that it was a “privilege and honor” to serve the United States as director of the NSA, also that data accessed by PRISM and other NSA surveillance programs has spared the U.S. from over 50 terrorist attacks since 9/11.

Facebook, Google, Apple, Microsoft, and other companies have denied allowing the U.S. government full access to their customer data. But their denials have strange similarities and significant gaps, and initial whistle-blower Edward Snowden has stuck to his guns, saying that their responses were misleading.

Alexander’s words are, frankly, in tune with the companies’ denials.

Based on his testimony alone, obtaining information from Facebook servers, for instance, could happen as long as it was not “unilateral.” That seems to be written by the same speechwriter who crafted the companies’ denials, which all said that any governmental access is not “direct.”

In addition, Alexander said that “virtually all countries” have laws that sanction them to get data from communications providers and companies and that therefore the U.S. is not alone in this regard. And, that this data is critical to keeping America safe.

“The U.S. operates its program with careful oversight by the courts, Congress, and the administration,” Alexander said. “In the 12 years since 9/11, we have lived in relative security as a nation as a direct result of the Intelligence communities’ quiet efforts to connect the dots.”

That’s a contention that organizations like StopWatching.Us, which includes the EFF, Reddit, the Mozilla Foundation, and the American Library Association might find difficult to believe.

“The revelations about the National Security Agency’s surveillance apparatus, if true, represent a stunning abuse of our basic rights,” the organization’s said recently in an open letter. “We demand the U.S. Congress reveal the full extent of the NSA’s spying programs.”

Officials such as Alexander and Robert Litt, who leads the Office for the Director of National Intelligence, repeatedly stated that all data access had “multilayered levels of oversight” and that the NSA’s programs were limited, focused, and disciplined. But all the denials appear to be couched in language that allows for a significant amount of interpretation.

Image credits: John Koetsier, Steampunk eyes by Daniel Proulx/Flickr

President Barack Obama wants you to know that those PRISM slides you saw last week aren’t the full picture.

The president appeared on the Charlie Rose show Monday night, defending the National Security Agency’s surveillance practices and attempting to calm the fears that the government’s antiterrorism efforts are infringing on the freedoms of Americans. The broadcast came on the same day as that NSA whistleblower Edward Snowden answered readers’ questions via the Guardian‘s website, making Monday an interesting day for anyone following both sides of the ongoing debate over the NSA’s practices.

Here’s what Obama wants you to know:

Security vs. freedom is a false choice

Security or freedom? If you’re like a lot people, you probably don’t think they’re compatible. But Obama disagrees. “We don’t have to sacrifice freedom in order to achieve security. That’s a false choice,” he said.

Obama did note, however, that there are trade-offs that have to be made in these sorts of arrangements — and by “trade-offs,” we can only assume he means “privacy.”

The NSA’s phone-snooping program is full of oversight

Another common defense of the NSA’s surveillance programs is plain old checks and balances. As Obama pointed out, the NSA’s activity is overseen by both Foreign Intelligence Surveillance Act (FISA) courts and congress, which makes the entire snooping process both legal and transparent.

“My concern has always been not that we shouldn’t do intelligence-gathering to prevent terrorism but rather are we setting up a system of checks and balances?” Obama said.

The problem, of course, is that much of that checks-and-balances process is kept secret, which isn’t much comfort for those who don’t trust the government to begin with.

Metadata-matching is possible, but no one’s doing it because … well, it’s illegal 

Probably the biggest fear attached to metadata — data like when and where a phone call is made, for instance — is that it can be very, very powerful in bulk, particularly when it’s matched against other data. This is true even if the data is “anonymized.” Once you learn a lot of disparate information about someone, you can get a pretty good sense of who they are and what they’re into — regardless of whether you know their names.

While Obama conceded that as true, he dismissed the concerns on the basis that that sort of data-matching is illegal under current programs. “We would not be allowed to do that,” he said.

Translation: It’s not that the NSA doesn’t have the capacity to do widespread matching analysis on the data it collects; it’s that the law prevents it from doing so. Still, as many have point out, there’s very little preventing the government from changing that law to suit increased data collection and analysis.

The NSA programs focus on foreigners, not Americans 

One of the most strict limitations applied to the NSA’s surveillance programs is that they apply to foreigners, not Americans. Moreover, as Obama pointed out, the NSA’s investigations are narrow and focus on matters related to “counterterrorism, weapons proliferation, cyber hacking or attacks.”

While that might be something of a solace for Americans, it’s certainly not one for the rest of the world. In a letter sent today to Congress on Tuesday, an international group of nonprofit organizations said that the U.S. government has the responsibility to respect the privacy of not just its own people but the rest of the world as well.

“The contradiction between the persistent affirmation of human rights online by the U.S. government and the recent allegations of what appears to be mass surveillance of U.S. and non-U.S. citizens by that same government is very disturbing and carries negative repercussions on the global stage,” the group said.

Photo: Instagram/PBS

Following up on Apple’s complete denial of the National Security Agency’s PRISM data-surveillance program, the iPhone-maker has divulged new figures on the actual data it offers up to authorities as well as how it goes about doing so.

In a statement issued on Apple’s website this morning, the company reiterated its initial stance on PRISM: that it doesn’t provide government agencies with direct access to its servers, and any requests for customer data require a court order. Additionally, Apple revealed that it only received between 4,000 and 5,000 requests for customer data between December 1, 2012, and May 31, 2013, which covered between 9,000 and 10,000 customer accounts or devices.

That’s a far cry from what we’d expect with direct government access to Apple’s servers, which potentially could involve data from tens of millions of consumers. Indeed, the notion of direct access was one of the scarier elements of initial PRISM reports, but a slew of denials from tech companies (and some backtracking from reporters) has made it difficult to confirm just how valid these claims were.

Apple says its data requests from authorities typically involve thefts or some other crime and aid in things like missing-child and Alzheimer-patient searches.

“Regardless of the circumstances, our legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities,” Apple wrote in its statement. “In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.”

Apple also confirmed that it can’t access communications over its FaceTime video chat and iMessage instant messenger service since that data is encrypted between the sender and receiver. Apple’s iMessage encryption is so good that even the Drug Enforcement Administration has complained about how difficult it is to crack, CNET reported in April.

Apple also noted that it doesn’t store customer data from Siri requests, map searches, or their device’s location in “any identifiable form.” That means Apple can still store that data anonymously, something that Google and plenty of other technology companies are doing as well.

Photo: Sean Ludwig/VentureBeat

At least according to one cybersecurity expert.

James Foster, the founder and CEO of Riskive, a cybersecurity company that works with large companies and, yes, (alert, alert) government agencies, says PRISM is impossible. In fact, Foster claims, it would require an annual budget of at least $4.56 trillion dollars:

“The National Security Agency is not spying on our U.S. citizens — and the thought is not only illegal — it’s ludicrous. A simple mathematical analysis proves this point. If we can assume that one person has the capacity to fully scour 100 people’s communication a day, a feat in and of itself, to read all of someone’s email, text messages, phone calls, and overall interaction then the NSA would have to have over three million employees and would have an annual budget that would be 20 percent greater than the entire U.S. Federal budget. The bigger threat is from rogue individuals who waste millions of U.S. taxpayer dollars by revealing insights into government programs intended to protect our citizens.

We are in the midst of an era where national security is paramount and the balance between security and privacy will continue to be tested. Complete transparency is an oxymoron in a post 9/11 world.”

Journalists get a lot of pitches. I guess the law of averages says some of them have to be stupid. This one landed in my inbox about 45 minutes ago.

Foster has never heard of “big data,” apparently. He isn’t aware of technologies like cluster analysis, machine learning, predictive modeling, sentiment analysis, or association rule learning that drive automated analysis of massive datasets. He doesn’t know that three-letter-organizations like the CIA, NSA, and FBI have been asking Silicon Valley data scientists for help by appealing to their patriotism. And he is not aware that individual humans will never see most of the 97 billion data points that the NSA has admitted snooping on.

Either that, or perhaps he thought that a quote like this would help defuse the scandal.

I suppose the possibilities here include that various men in black are mobilizing security experts to cast aspersions on the press reports about PRISM. Another might be that a security company that wants to do business with secretive government agencies wants to be seen visibly supporting their interests in public.

But you’d think he might have used a little intelligence in crafting the message.

Photo credit: striatic via photopin cc

NSA whistleblower Edward Snowden came out of hiding to speak with a Chinese newspaper today, claiming that the U.S. is also using its recently revealed surveillance tactics against China.

According to an interview Snowden gave to the South China Morning Post, the U.S. government has preformed over 61,000 “hacking operations” in countries across the globe. He also believes hundreds of those missions targeted the Chinese mainland as well as Hong Kong, where Snowden is currently hiding.

He has been in hiding since releasing a slide deck to the Washington Post outlining a government surveillance program called PRISM. Snowden came out a few days later, saying he worked as a defense contractor for the NSA and had access to such information. After that, he disappeared, only resurfacing today to make these comments.

According to the slide deck he released, PRISM is a data collection program set up to collect information from a number of top tech companies including Facebook, Google, Microsoft, Apple, and others.

Snowden explained to the SCMP that these individual company requests aren’t the only way the NSA gets data.

“We hack network backbones — like huge Internet routers, basically — that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” he told the publication.

To those who criticize his choice to make a safe haven of Hong Kong, he explained that he intends to fight for his rights there, and that the Chinese city — which was under British rule under 1997 — until has a rich history of free speech efforts.

Edward Snowden image via The Guardian video

While official reaction to the PRISM Internet surveillance scandal in the U.S. has been muted at best, the European Union is up in arms over the NSA’s access to data from Facebook, Apple, Microsoft, Google, and other companies. Now, the EU’s justice commissioner, Viviane Reding, has written a letter to the US attorney general asking some very pointed questions about PRISM and other U.S. civilian spying programs.

After all, if the NSA were — shockingly — telling the truth that its surveillance is mostly targeted at foreign nationals, European citizens are right in the crosshairs. And Europe has some of the strongest data protection laws in the world.

Reding’s questions to the attorney general, as quoted by the BBC, include:

• Are they (PRISM and any other surveillance programs) only aimed at gathering the data of US citizens and residents, or are they also — or even primarily — targeting non-US nationals, including EU citizens?
• Is the data collection limited to specific and individual cases and, if so, what criteria is applied?
• How regularly is the data of individuals collected or processed in bulk?
• What is the scope of Prism and other such programmes? Is it limited to national security and foreign intelligence, and if so how are such terms defined?
• How might companies in the US and EU challenge the efforts to access and analyse the data?
• What ways might EU citizens find out if they have been affected? How is this different to the situation for US citizens and residents?
• How might EU citizens and companies challenge any effort to access and process their personal data? How does this compare to the rights offered to US citizens and residents?

Those questions have answers that Europeans won’t like.

Based on what we know of PRISM so far, non-U.S. nationals are indeed targeted, along with U.S. citizens. The data collection doesn’t appear to be very limited; rather, it looks rather broad. The scope of PRISM is massive. Companies are not able to challenge the law, or even discuss it publicly, although Google has challenged it, apparently. And private individuals have no hope of knowing whether they’ve been sucked up in the dragnet, and also no hope of challenging any collection of their private data.

How do you like them apples, Ms. Reding?

Probably not very much. And the EU justice commissioner will no doubt be asking these and other uncomfortable questions of U.S. attorney general Eric Holden in person on Friday, when they meet at a previously-scheduled event.

Any answers she gets — and any pressure Europe can bring to bear on PRISM and other spying programs — could help U.S. citizens challenge the NSA’s efforts to surveil Americans, as well as Europeans. Eighty-five organizations, including the Electronic Frontier Foundation, are already gathering to fight PRISM, while the only substantive response from the U.S. government has been a possible criminal investigation into the leaks.

Which is one reason I’m hoping the Pardon Edward Snowden petition at WhiteHouse.gov gets 100,000 signatures. At least that will force some kind of response.

And, as Jill Killock, the executive director of the Open Rights Group, recently said:

“European governments respect the rights of U.S. citizens. Why shouldn’t [the U.S.] do the same?”

Image credit: EU

The days of simple law-enforcement wiretaps for telephone surveillance are gone. Today’s digital networks break conversations into packets for transmission and reassembly at their destination, making them harder for law enforcement agencies to identify and monitor. Compounding the surveillance complexity are Federal laws that specify how and when law enforcement agencies may monitor individuals within of the United States.

James Clapper, the U.S. Director of National Intelligence, recently stated that “the NSA does not voyeuristically pore through U.S. citizens’ e-mails.” But leaks like those of Edward Snowden tend to confirm what many conspiracy theorists fear, that the United States security apparatus has become an ungovernable force. And it has many tools at its disposal.

There are extensive disclosures in patent applications at the U.S. Patent Office. Patent grants over the past decade illustrate a number of crafty surveillance techniques. Below are some of the patents we uncovered (by U.S. patent number):

• 8094791 – Verizon: Comparing keystrokes in order to biometrically authenticate a suspect caller’s identity.
• 8194825 – AT&T Mobility: Authenticating a caller by matching an expected “path delay” and alerting law enforcement.
• 7684547 – IBM: Moving a suspect VoIP call onto a monitorable analog circuit for surveillance by law enforcement.
• 6563797 – AT&T: Sending a distinct alert to law enforcement that differentiates normal incoming calls from surveillance calls.
• 8306190 – AT&T: Forking a voice call simultaneously to law enforcement in addition to connecting the intended endpoint.
• 7155207 – Nextel: Recording voice traffic and forwarding the content to a law enforcement agency whenever certain keywords are detected.
• 7730521 – Juniper Networks: Intercepting network data packets and mirroring them to law enforcement for analysis.
• 7764768 – Alcatel-Lucent: Separating a caller’s video, e-mail, and voice streams for delivery to a lawful monitoring system.
• 8270573 – Ericsson: Intercepting ringback tones, identifying the called party, and routing the tone to law enforcement for analysis.

The patent system advances a somewhat speculative constitutional charter. It allows the public to see the complete inventions in exchange for granting the inventor a limited monopoly. But there are no assurances that the patented inventions will become commercial products — so it’s anyone’s guess whether these patents are actually being used by their creators.

John Koenig is the founder of Compute Media and developer of “The Patent Studio.” You can follow him on Twitter at @johnkoenig. This post originally appeared on his website.

Top photo: Shannon Kringen/Flickr

Bloomberg broke the story and said that Google is the second company to fight back against NSLs. Challenges are rare — of 300,000 government-issued NSLs since 2000, only a handful of companies have resisted. The letters enables intelligence organizations to send secret requests to Web and telecom companies to gather data that is “relevant” to an investigation. They do not need a judge approval and come with a gag order, so people who receive the requests cannot talk about them.

Google filed a petition to “set aside the legal process,” citing a provision that enables judges to modify or deny NSLs that are “unreasonable, oppressive, or otherwise unlawful.” It is unknown why Google received the request, but in a blog post earlier this month, Google’s director of law enforcement and information security Richard Salgado said the company has been “trying to find a way to provide more information about the NSLs we get — particularly as people have voiced concerns about the increase in their use since 9/11,” and would include data about NSLs in their Transparency Report.

While civil rights groups aren’t always thrilled about how Internet companies use their customers’ private data, they are responding positively to Google’s stance against unwarranted government probes. The Electronic Frontier Foundations attorney Matt Zimmerman told Bloomberg “the people who are in the best position to challenge the practice are people like Google. So far no one has really stood up for their users.”

The FBI’s ability to issue NSLs was expanded under the Patriot Act. In 2007, the Justice Department found “serious misuse” of the FBI’s surveillance powers through its unlawful obtainment of information. Illston, Google, and others are taking steps to challenge the NSLs on the basis that they are “unreasonable, oppressive, and otherwise unlawful.”

Photo Credit: Cliff 1066/Flickr

The “warrantless wiretapping” law has new life, as the United States Senate extended the Foreign Intelligence Surveillance Act, or FISA, today by a significant margin.

The law, originally passed in 2008 under the Bush administration, was renewed this morning when the Senate passed the bill 73 to 23. FISA permits the federal government to obtain secret court orders that allow it to listen in on American communications if “foreign intelligence” data could be collected. For example, American communications can be tapped if they’re speaking with someone outside the country. Americans are not alerted to this surveillance, and a warrant is not required to perform it. The government says it is necessary for national security, though the bill can still be challenged in the Supreme Court.

The bill will next expire on Dec. 31, 2017, once the president has signed it into law today.

The Electronic Frontier Foundation, a digital rights group based in San Francisco, tweeted, “After rejecting all privacy fixes, the Senate just reauthorized #FISA warrantless wiretapping. A shame on Congress, a blight on our nation.”

The EFF previously outlined all of the “privacy fixes” that were proposed, including an amendment from Sen. Ron Wyden (D-Ore.) that asked the government to reveal how many Americans were under surveillance by FISA. It was shot down in a move the EFF called “disgraceful.”

Other amendments included one from Sen. Rand Paul (R-Ky.) called the “Fourth Amendment Protection Act,” which would force the government to get warrants for the wiretapping. Sen. Jeff Merkley’s (D-Ore.) amendment would make the government be transparent about how the FISA bill is being used against Americans specifically. And Sen. Patrick Leahy’s (D-Ver.) amendment would have the bill expire within three years, to be reassessed during President Barack Obama’s administration.

None of these passed.

Wired reports that FISA spying can begin at any point, before the secret court orders have been issued and through any resulting appeals process, should a request to use FISA is shot down. Wired further notes that FISA can be used on “any telephone that it believes will yield information from or about al Qaeda.”

We have reached out to the EFF and the Electronic Privacy Information Center and will update this post upon hearing back.

Listening-in image via Shuttestock

The new $5000 EyeSee mannequins contain cameras in their eyes that are connected to facial recognition software that analyzes customers’ faces, classifying them by age, sex, race, and ethnicity. The cameras also, according to a company press release, can tell merchandisers when the store is getting crowded, and what products or clothing are attracting the most attention.

The primary goal of the seeing-eye mannequins is to retailers maximize sales by finding ways to improve product and window displays.

According to Almax, privacy is not an issue, as analyzed pictures are not saved or transmitted, so shopper data is simply aggregated without a record of specific individuals. Bloomberg says the high-tech mannequins are currently being used in three European countries as well as the U.S., and have already led store managers to revise marketing practices after learning that men who shopped early in a sale spent more than women.

Source: Almax

EyeSee mannequins in action

(That may not be a shock to most wives, since some men — OK, yours truly — are horrible shoppers when it comes to getting good deals.)

The facial recognition technology was developed by Italian company Kee Square, a spinoff from the Polytechnical University of Milan. According to its website, Kee Square develops, integrates, and customizes biometrics products for law enforcement agencies and businesses.

The question, I guess, is whether we want our dummies looking back at us, and whether we believe that any collected data will be used, managed, and disposed of responsibly. Many stores, of course, already use sophisticated video surveillance.

But there is definitely something just a little bit creepier about dummies, mannequins, and doppelgängers looking back at us.

Image credits: Almax

High-tech security measures might be expected at large politically charged gatherings. But cameras capable of real-time, sophisticated data mining are starting to appear everywhere.

It may soon no longer be necessary to have a human being actively monitoring the screens. Computers will be able to do a better job and for a fraction of the cost. Legal protections from surveillance cameras currently focus on where a camera can be placed.  This will shift to what types of analysis the camera is capable of performing, and for what purpose.

The reason for the quick adoption of these cameras is simple: Human beings are not good at attentively watching large amounts of video for very long. In the United States, it is estimated that there are 30 million surveillance cameras, which create more than 4 billion hours of footage every week. At best only a small portion of this footage will ever be reviewed. London, for example, has close to 500,000 surveillance cameras. But this has only helped police in solving three percent of all street robberies.

Instead of trying to solve crimes after they have happened, advances in camera technology can spot problems as they are occurring. On Liberty Island, home to one of the nation’s most famous landmarks, surveillance camera data are brought together and analyzed in order to spot when somebody abandons a bag or tries to stay on the island after hours. This technology can alert police to the appearance of an imminent fight. Across the Bay, in Manhattan, surveillance cameras can track a person’s general description. If there is a report about a suspicious person wearing a red shirt, for example, every person wearing a red shirt in sight of any of the area’s thousands of cameras can be displayed together—in an instant.

It’s not just law enforcement that has taken note of this. Retail outlets such as Macys, Babys ‘R’ Us, and CVS have installed systems in some of their stores that can spot shoppers who do unusual things — such as remove many items from a shelf at once, open a case that is normally locked, or walk suspiciously through the aisles. Pathmark grocery stores have implemented similar technology that will quickly alert managers of potential shoplifting and employee fraud as it takes place.

These systems are programmed to assume that everybody is a potential shoplifter, terrorist, or criminal. In addition to issues related to presumption of innocence, this raises many questions about privacy. The idea of a person closely watching our movements is unsettling. Does it “feel” different if it’s just a computer rather than a human being?

WikiLeaks cables released earlier this month revealed a widespread use by local and federal agencies in the U.S. of TrapWire, a technology that aggregates incident reports and camera feeds to try to detect potential terrorist threats. Understandably, there was uproar over the lack of public disclosure. These same features are being used in other parts of the world to combat dissent. In China, security cameras are commonly used to count the number of people in crosswalks. These alert the authorities if a crowd forms at an unusual time — which could be sign of unsanctioned protest. Around the world, companies like Sony, Kraft, and Adidas are also installing cameras to target ads to consumers based on their physical features.

The last two decades have largely settled the question of where a security camera can be placed. The promise of increased safety has trumped the right to remain anonymous. Not having behavioral detection systems present will be seen as a danger and liability, especially as the cost of monitoring technology drops and advanced surveillance becomes even more affordable.

So far, there has been little consequence to this because nothing is usually done with the footage.  But that is going to change. There will, undoubtedly, be concerns arising related to how these datasets can be combined with personally identifiable information to track not only our locations and activities, but our feelings and state. You can expect these to be the next privacy battles in the courts. One would expect the Republicans—who often consider themselves to be the defenders of free speech and liberty—to lead the charge against these technologies.

Meanwhile, back at the Convention in Tampa, cameras have been working overtime alongside police officers to make sure that things run smoothly. If the protests turn violent, as they did at the 2008 Convention in St. Paul, the authorities will now know when and where to react.  Big Brother will tell them. It will be interesting to see how the need for domestic security will be balanced against individual rights and our need for privacy.

Tarun Wadhwa is a research associate at Singularity University researching how advancing technologies can be used to solve public policy issues. This story was produced in cooperation with Singularity University partner site Singularity Hub.

[Top image via publicintelligence.net]

This story originally appeared on Forbes.com.

Sept. 9 - 10, 2013 San Francisco, CA

Early Bird Tickets on Sale

The latest WikiLeaks release has shone a spotlight on an alleged domestic and foreign surveillance program run with cloud-based software provided by Virginia company TrapWire, many of whose top leaders and employees are former members of three-letter American intelligence agencies.

WikiLeaks tweeted about it today, and the story quickly became a trending topic on Twitter:

WikiLeaks reveal secret, widespread #TrapWire surveillance system | RT rt.com/usa/news/strat… #WikiLeaks #gifiles

—
WikiLeaks (@wikileaks) August 10, 2012

TrapWire produces software that is currently in use by Homeland Security, the military, U.S. intelligence agencies, and local police forces including the LAPD and the Metropolitan Police Department in Washington, DC (whose chief recently praised the software). Private sector clients include major corporations in the energy, chemical, and financial industries.

TrapWire does three things: protect critical infrastructure by analyzing CCTV footage with face and pattern recognition algorithms to detect pre-attack patterns, provide online reporting systems for citizens to report suspicious behavior, and gather and analyze many sources of information to allow law enforcement to make sense of the masses of collected data.

If TrapWire does what it is intended to, it’s potentially a critical innovation that can help protect the U.S. from terrorism. Tying together disparate facts from multiple sources across geographies might have prevented 9-11. On the other hand, the secrecy, the integration with government, and the thought that a private corporation could have access to huge amounts of private citizens’ data is concerning to say the least.

The data WikiLeaks released was taken from more than five million emails allegedly stolen from a company with close ties and inside information about TrapWire, security information company Stratfor. Stratfor had a contract with TrapWire in which each company agreed to promote the other company’s products, and Stratfor agreed to feed its intelligence reports into the TrapWire system.

Then Stratfor was hacked by Anonymous in 2011, and Anonymous provided the emails to WikiLeaks.

In those emails, Stratfor says that TrapWire is in use in “Scotland Yard, #10 Downing, the White House, and many [multinational corporations].” One email talks about the Nigerian government being interested in TrapWire, and others imply that organizations as diverse and powerful as the Secret Service, MI5, and the Canadian RCMP are all clients.

And yet another leaked email from Fred Burton, Stratfor’s VP of Intelligence, says “God Bless America. Now they have EVERY major [high-value target] in [the continental U.S.], the UK, Canada, Vegas, Los Angeles, NYC as clients.”

TrapWire was not always so secretive about its software. Company founder Richard Hollis spoke about the software in 2005, say that it:

 … can collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists. The application can do things like “type” individuals so if people say “medium build,” you know exactly what that means from that observer.

And in 2007, the company elaborated on how TrapWire works:

 … the TrapWire rules engine analyzes each aspect of [reported security incidents] and compares it to all previously-collected reporting across the entire TrapWire network. Any patters detected — links among individuals, vehicles, or activities — will be reported back to each affected facility. This information can also be shared with law enforcement organizations …

The question becomes: Where does national security start and the public’s right (or need) to know end? And, to what extent should private companies be embedded in public surveillance?

Even tougher: does our security depend, at least in part, on our ignorance? Because if we learn about anti-terrorism methodologies, you can bet the bad guys do too.

There is as yet no statement from Stratfor, TrapWire Inc., or any of the named public security agencies.

Image credit: ShutterStock/Steven Finn

National Security Agency director General Keith Alexander promised a crowd of hackers Friday that the NSA does not keep a profile on every American. But one former employee is saying that’s not entirely an honest claim.

“His statement about not keeping track of every American is absolutely true. He missed a few,” said Bill Binney, former official in the NSA, at the Def Con conference in Las Vegas. In other words, the NSA does not keep a profile on every American.

“That’s the kind of word game they play,” Binney said. “There’s absolutely no excuse for him even implying that he’s not collecting all this data.”

Alexander, however, called the question of keeping profiles on every American “absolute nonsense,” during his talk at the same conference. He was the first NSA director to visit Def Con, a conference that has traditionally attracted hackers, feds, and press alike. During the speech, the director appeared in jeans and called a pre-teen hacker codenamed Sci-Fi to the stage to underscore the importance of passing hacking knowledge on to the country’s youth. Much of his talk centered around sharing between the private sector and the government, as well as the need for hackers to join the NSA’s team.

“We need great talent. We don’t pay as high as some of the others. We’re fun to be around,” said Alexander. “Sometimes you guys get a bad rap. From my perspective what you are doing to figure out the vulnerabilities in our systems is absolutely needed.”

His slides ended with a link to www.nsa.gov/careers/dc20, a recruiting site.

Don’t expect Binney to be visiting that site looking for another job with the agency. After leaving, he has since written a number of books about the NSA and the technology he created there, saying the agency built a number of facilities just to house the massive amounts of data it is said to collect on American citizens. On the same theme, James Bamford recently wrote an article for Wired Magazine about a new $2 billion Utah facility being erected so that it can serve a a repository for the NSA’s vast records.

“The reason I left the NSA is because they started spying on everybody in the country,” said Binney. “Unfortunately they took those programs that I built and turned them on you, and I’m sorry for that. I didn’t intend that. But they did that.”

Binney accused the NSA of always intending to spy on Americans, not just falling into the job after 9/11. Indeed, he says that “three-star generals” within the organization approached telecommunications companies to “supply customer data” in February of 2001, seven months before 9/11 occurred. He also said the systems the NSA uses to keep that data are able to identify parties within the communications and then build searchable profiles from there.

Alexander, on the other hand, says the NSA is watched by too many people for it to be able to get away with something like that. He mentions that all of the branches of government are privy to its activities and have access to the data it collects. Under the FISA, or Foreign Intelligence Surveillance Act, the NSA must with “minimize” the amount of data it receives if a foreign target is speaking with an American citizen. He further defined that this means “nobody can see” that data “unless a crime has been committed.”

Indeed, Alexander says that those who accuse the NSA of keep dossier on the American people “should know better.”

“Think of that 260 million dossiers, or however many you’d come out [with],” he said. “Let’s see, if you’re trying to maintain those dossiers, I’m not a real good mathematician, but let’s say we have 20,000 people working that. How many files would each of us have to work? I’m not that kind of guy who’s going to work all those files.”

The tool is a smartphone app, Police Tape, available for Android and currently in the app store approval process for iPhone. Developed as an open-source app by OpenWatch, the app “allows people to securely and discreetly record and store interactions with police,” according to the description on Google Play.

Source: ACLU

The Police Tape app

The “discreet” part? While recording audio, the app disappears from the screen, and while recording video, the screen goes black.

Recordings will be automatically and anonymously sent to the ACLU, which will store the video and audio in secure off-site servers. It is not clear if the footage is sent live, via the cloud, or if the uploading only happens later when the smartphone owner connects to WIFI or a computer.

(VentureBeat has reached out to the ACLU for comment and will update this when we learn more.)

Recording police has been an important legal tool since L.A. police were videotaped beating Rodney King in March 1991, but it is a controversial subject that has, on occasion, gotten citizens and journalists alike into legal trouble.

A Boston attorney who recorded police arresting a man was in turn arrested for the act of videoing. The courts have supported citizens’ rights to record in public places, however, and he recently won a $170,000 judgement for wrongful arrest.

And some have managed to use video evidence in an attempt to clear themselves of alleged crimes, such as a journalist who was recording Occupy Miami. The ACLU also cites the fact that in May of this year, a federal appeals court ruled that an Illinois law making it illegal to record police on duty was unconstitutional.

If the ACLU has its way, every citizen will have the right to securely, safely, and successfully record those who are serving and protecting.

Here’s the ACLU’s video promoting the new app:

Daryl Lang / Shutterstock.com

The system is known as “ICT hardware,” and it comes from a Leeds-based company called Datong. In essence, the device masquerades as a mobile phone network, intercepting communications from individual’s cellular phones gather data and allowing police authorities to remotely shut off phones in a targeted area, the Guardian writes.

The device is a the size of a suitcase, and emits a signal which can blanket an area of roughly 10 square kilometers, causing cellular phones to automatically broadcast the owner’s international mobile subscriber identity (IMSI) and international mobile equipment identity (IMEI), as well as the owner’s whereabouts, reports CNET. The device then picks up this data, giving the authorities information on cellphone users’ whereabouts.

“It raises a number of serious civil liberties concerns and clarification is urgently needed on when and where this technology has been deployed, and what data has been gathered,” said Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch, in The Guardian.

Others wondered whether such invasive technology made it possible to individually identify suspected criminals based on their mobile phone behavior, when hundreds of transmissions are being intercepted simultaneously.

Datong is selling the snooping device to governments in more than 40 countries in the Middle East, South America, Eastern Europe, Asia Pacific, and the U.S. Secret Service, according to the Guardian.

Attached image is not the device being used by Scotland Yard.

[Image Credit: x-ray delta one/Flickr]

That’s why there’s big potential for the latest Seawolf camera chip from Pixim. The Seawolf chip takes previous-generation technology and packs it all together in a single piece of silicon.

Mountain View, Calif.-based Pixim is already a big player in making image processors for security cameras. Now it can combine the image processor with other electronics to make smaller and higher quality cameras that work in all lighting conditions.

The chip is all-digital, in contrast to earlier solutions that require multiple chips with both analog and digital functions. The result is 10 times the low-light performance of the previous generation, Pixim says. It has wide dynamic range, meaning it can capture images with both bright lights and shadows in the same scene. The hardware cost is half the previous generation. Pixim’s Digital Pixel System uses hundreds of thousands of pixels on a chip to capture images and constantly self adjust.

The Seawolf chip can be used in devices such as web-connected security cameras. It can capture full D1 video at 30 frames per second. The chips can be used in cameras at retail, banking, gambling, schools, transit, commercial and industrial sites. The Pixim chips compete with charge-coupled device (CCD) chips made by companies such as Panasonic and Sony. Pixim’s customers using the technology include Dallmeier, March Networks, Genie CCTV, Ovii, and UTC.

Pixim’s chips have been very popular in China as well as elsewhere in the world. In the U.S., government agencies have been installing security cameras for Homeland Defense reasons. Corporations are also installing cameras that do a better job of capturing faces of people going in and out of buildings. In the United Kingdom, the government has also installed widespread security cameras to deter crime.