images/Makefile: Add file.
parent
17dbce4b7f
commit
f12db70e69
|
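--- a/images/Makefile
+++ b/images/Makefile
@@ -0,0 +1,25 @@
+# Third-party image retrieval
+#
+# Licensed under the CC0 1.0 Universal license (public domain).
+##
+
+images := sf-cameras.jpg alpr-mounted.png alpr-capture.png \
+alpr-pips.png
+
+define imgfetch
+torify wget -O
+endef
+
+all: $(images)
+
+sf-cameras.jpg:
+$(imgfetch) "$@" 'https://cbssanfran.files.wordpress.com/2015/09/san_francisco_surveillance_cameras_092315.jpg'
+
+alpr-mounted.png:
+$(imgfetch) "$@" 'https://www.eff.org/files/2015/10/20/paxton_and_spencer_.png'
+
+alpr-capture.png:
+$(imgfetch) "$@" 'https://www.eff.org/files/2015/10/20/paxton_captures.png'
+
+alpr-pips.png:
+$(imgfetch) "$@" 'https://www.eff.org/files/2015/10/15/pipscam9_redacted.png'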
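Review bot: The four fetch rules write straight to `"$@"` with `wget -O` and nothing checks what arrived, so a failed or truncated transfer leaves a file that make treats as up to date, and an image that was changed or replaced upstream is accepted silently. Adding `.DELETE_ON_ERROR:` near the top makes make remove the target when the recipe exits non-zero, and `.PHONY: all` keeps a stray file named `all` from masking the default goal. Because these are mutable third-party URLs that feed the slide build, it would also help to commit an expected SHA-256 for each image and compare it after the download (for example with `sha256sum -c` against a checked-in list), failing the recipe on mismatch. A short comment above `imgfetch` saying that `torify` and `wget` must be installed would save the next person a confusing failure.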
|
240
sapsf.bib
240
sapsf.bib
|
@ -222,3 +222,243 @@
|
|||
history, telephone numbers, IMEIs, etc to third-party
|
||||
servers without users' knolwedge or censent}
|
||||
}
|
||||
|
||||
@online{intercept:nyc-surveil,
|
||||
author = {Currier, Cora},
|
||||
title = {A Walking Tour of New York's Massive Surveillance Network},
|
||||
organization = {The Intercept},
|
||||
date = {2016-09-24},
|
||||
url = {https://theintercept.com/2016/09/24/a-walking-tour-of-new-yorks-massive-surveillance-network/},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{shodan,
|
||||
title = {Shodan},
|
||||
subtitle = {The search engine for the Internet of Things},
|
||||
url = {https://shodan.io},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{krebs:mongodb,
|
||||
author = {Krebs, Brian},
|
||||
title = {Extortionists Wipe Thousands of Databases,
|
||||
Victims Who Pay Up Get Stiffed},
|
||||
url = {https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{insecam,
|
||||
title = {Insecam - World biggest online cameras directory},
|
||||
url = {http://insecam.org},
|
||||
urldate = {2017-03-12},
|
||||
annotation = {Load the HTTP (non-HTTPS) site, otherwise mixed content is
|
||||
blocked and thumbnails will not work.}
|
||||
}
|
||||
|
||||
@article{ieee:gait,
|
||||
author = {Rogez, Gr\'egory
|
||||
and Rihan, Jonathan
|
||||
and Guerrero, Jose J.},
|
||||
title = {Monocular {3D} Gait Tracking in Surveillance Scenes},
|
||||
journal = {IEEE Transactions on Cybernetics},
|
||||
url = {http://vision.ics.uci.edu/papers/RogezRGO_Cybernetics_2013/RogezRGO_Cybernetics_2013.pdf}
|
||||
}
|
||||
|
||||
@article{ijca:gait,
|
||||
author = {Vaidya, Sonali
|
||||
and Shah, Kamal},
|
||||
title = {Real Time Video Surveillance System},
|
||||
journal = {International Journal of Computer Applications},
|
||||
volume = 86,
|
||||
pages = {22-27},
|
||||
year = 2014,
|
||||
url = {http://research.ijcaonline.org/volume86/number14/pxc3893419.pdf},
|
||||
annotation = {Discusses realtime gait analysis for video surveillance},
|
||||
}
|
||||
|
||||
|
||||
@online{newsci:fb-noface,
|
||||
author = {Rutkin, Aviva},
|
||||
title = {Facebook can recognize you in photos even if you're not looking},
|
||||
organization = {New Scientist},
|
||||
url = {https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{rms:facebook,
|
||||
author = {Stallman, Richard},
|
||||
title = {Reasons not to use (i.e., be used by) {Facebook}},
|
||||
url = {https://stallman.org/facebook.html},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{register:fb-scan,
|
||||
author = {Chirgwin, Richard},
|
||||
title = {Facebook conjures up a trap for the unwary: scanning your camera
|
||||
for your friends},
|
||||
subtitle = {Auto-spam your friends with Photo Magic},
|
||||
organization = {The Register},
|
||||
url = {https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/},
|
||||
urldate = {2017-03-12},
|
||||
annotation = {Archive.org link used because The~Register blocks
|
||||
Tor~users unless they execute proprietary JavaScript.},
|
||||
}
|
||||
|
||||
@online{guardian:fb-scan,
|
||||
author = {Arthur, Charles},
|
||||
title = {Facebook in new privacy row over facial recognition feature},
|
||||
subtitle = {Social network turns on new feature to automatically identify
|
||||
people in photos, raising questions about privacy
|
||||
implications of the service},
|
||||
organization = {The Guardian},
|
||||
date = {2011-06-08},
|
||||
url = {https://www.theguardian.com/technology/2011/jun/08/facebook-privacy-facial-recognition},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{techcrunch:fb-baby,
|
||||
author = {Constine, Josh},
|
||||
title = {Facebook’s New Photo “Scrapbook” Lets Parents Give Kids An
|
||||
Official Presence},
|
||||
organization = {TechCrunch},
|
||||
date = {2016-03-31},
|
||||
url = {https://techcrunch.com/2015/03/31/step-1-identify-baby-photo-step-2-hide-baby-photos/},
|
||||
urldate = {2017-03-12},
|
||||
annotation = {Facebook tricks users into violating their child's privacy
|
||||
before they have any say in the matter.},
|
||||
}
|
||||
|
||||
@online{eff:ios-photo-diff,
|
||||
author = {Gebhart, Gennie
|
||||
and Grant, Starchy
|
||||
and Portnov, Erica},
|
||||
title = {Facial Recognition, Differential Privacy, and Trade-Offs in
|
||||
Apple's Latest OS Releases},
|
||||
organization = {Electronic Frontier Foundation},
|
||||
date = {2016-09-27},
|
||||
url = {https://www.eff.org/deeplinks/2016/09/facial-recognition-differential-privacy-and-trade-offs-apples-latest-os-releases},
|
||||
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{churchix,
|
||||
title = {Churchix Facial Recognition Software},
|
||||
subtitle = {Churchix Facial Recognition Software for Event Attendance},
|
||||
url = {http://churchix.com/},
|
||||
urldate = {2017-03-12},
|
||||
annotation = {This software is cited for illustration; do~not use it.}
|
||||
}
|
||||
|
||||
@online{facefirst,
|
||||
title = {Face Recognition Software for Retail Stores: \#1~Biometric
|
||||
Surveillance for Loss Prevention},
|
||||
url = {https://www.facefirst.com/industry/retail-face-recognition/},
|
||||
urldate = {2017-03-12},
|
||||
annotation = {Full-page loading spinner does not remove itself without
|
||||
running non-free JavaScript; remove it manually using a
|
||||
web browser with a~debugger. This software is cited for
|
||||
illustration; do~not use it.},
|
||||
}
|
||||
|
||||
@online{bio:iris,
|
||||
title = {Hacker extracts Merkel's iris image},
|
||||
organization = {Planet Biometrics},
|
||||
date = {2015-11-30},
|
||||
url = {http://www.planetbiometrics.com/article-details/i/3644/},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{eff:facial-tech,
|
||||
author = {Schwartz, Adam},
|
||||
title = {The Danger of Corporate Facial Recognition Tech},
|
||||
subtitle = {The Illinois Biometric Privacy Statute Survived a Recent
|
||||
Attack. But the Struggle Continues},
|
||||
organization = {Electronic Frontier Foundation},
|
||||
date = {2016-06-07},
|
||||
url = {https://www.eff.org/deeplinks/2016/06/danger-corporate-facial-recognition-techgg},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{eff:fbi-bio,
|
||||
author = {Lynch, Jennifer},
|
||||
title = {New Report: FBI Can Access Hundreds of Millions of Face
|
||||
Recognition Photos},
|
||||
organization = {Electronic Frontier Foundation},
|
||||
date = {2016-06-15},
|
||||
url = {https://www.eff.org/deeplinks/2016/06/fbi-can-search-400-million-face-recognition-photos},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{cbs:sf-smile,
|
||||
author = {Borba, Andria},
|
||||
title = {Nowhere To Hide: Few Public Places Without Surveillance Cameras
|
||||
In San Francisco},
|
||||
organization = {CBS},
|
||||
date = {2015-09-24},
|
||||
url = {http://sanfrancisco.cbslocal.com/2015/09/24/san-francisco-surveillance-camera-tenderloin/},
|
||||
urldate = {2017-03-12},
|
||||
}
|
||||
|
||||
@online{pbs:nova:boston,
|
||||
author = {O'Brien, Michael
|
||||
and Cort, Julia},
|
||||
title = {Manhunt---{Boston Bombers}},
|
||||
subtitle = {Which technologies worked—and which didn't---in the race to
|
||||
track down the men behind the marathon attack?},
|
||||
organization = {WGBH Educational Foundation},
|
||||
date = {2013-05-29},
|
||||
url = {http://www.pbs.org/wgbh/nova/tech/manhunt-boston-bombers.html},
|
||||
urldate = {2017-03-13},
|
||||
annotation = {Specificall, pay attention to the Domain Awareness System
|
||||
and other surveillance capabilities. Transcript
|
||||
available.},
|
||||
}
|
||||
|
||||
@online{reuters:nypd-das,
|
||||
author = {Francescani, Chris},
|
||||
title = {NYPD expands surveillance net to fight crime as well as terrorism},
|
||||
organization = {Reuters},
|
||||
date = {2013-06-21},
|
||||
url = {http://www.reuters.com/article/usa-ny-surveillance-idUSL2N0EV0D220130621},
|
||||
urldate = {2017-03-13},
|
||||
}
|
||||
|
||||
@online{wired:pixel-face,
|
||||
author = {Newman, Lily Hay},
|
||||
title = {AI Can Recognize Your Face Even If You’re Pixelated},
|
||||
organization = {Wired},
|
||||
date = {2016-09-12},
|
||||
url = {https://www.wired.com/2016/09/machine-learning-can-identify-pixelated-faces-researchers-show/},
|
||||
urldate = {2017-03-13},
|
||||
}
|
||||
|
||||
@online{arxiv:google-pixel-res,
|
||||
author = {Dahl, Ryan
|
||||
and Norouzi, Mohammad
|
||||
and Shlens, Jonathan},
|
||||
title = {Pixel Recursive Super Resolution},
|
||||
organization = {Google Brain},
|
||||
date = {2017-02-02},
|
||||
archivePrefix= {arXiv},
|
||||
eprint = {1702.00783},
|
||||
primaryClass = {cs.CV},
|
||||
}
|
||||
|
||||
@online{fast:das,
|
||||
author = {Ungerleider, Neal},
|
||||
title = {NYPD, Microsoft Launch All-Seeing “Domain Awareness System” With
|
||||
Real-Time CCTV, License Plate Monitoring},
|
||||
subtitle = {The New York Police Department has a new terrorism detection
|
||||
system that will also generate profit for the city},
|
||||
organization = {Fast Company},
|
||||
date = {2012-08-08},
|
||||
url = {https://www.fastcompany.com/3000272/nypd-microsoft-launch-all-seeing-domain-awareness-system-real-time-cctv-license-plate-monito},
|
||||
urldate = {2017-03-13},
|
||||
}
|
||||
|
||||
@online{nyc:pspg,
|
||||
title = {Public Security Privacy Guidelines},
|
||||
url = {http://www.nyc.gov/html/nypd/downloads/pdf/crime_prevention/public_security_privacy_guidelines.pdf},
|
||||
urldate = {2017-03-13},
|
||||
annotation = {Information about the NYPD's Domain Awareness System.}
|
||||
}
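Review bot: Two of the added entries contain values that disagree with themselves and should be checked against the live pages before the slides cite them. In `eff:facial-tech` the `url` ends in `danger-corporate-facial-recognition-techgg`, where the trailing `gg` looks like stray keystrokes, and in `techcrunch:fb-baby` the `date` is `2016-03-31` while the URL path is `/2015/03/31/`. `ieee:gait` has no `year` or `date` field, unlike `ijca:gait` next to it. The annotation in `pbs:nova:boston` reads `Specificall`, presumably meant as `Specifically`.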
|
||||
|
|
556
slides.org
556
slides.org
|
@ -13,150 +13,6 @@
|
|||
#+COLUMNS: %40ITEM %10DURATION{:} %8TODO %BEAMER_ENV(ENVIRONMENT)
|
||||
|
||||
|
||||
#+BEGIN: columnview :hlines 3 :id global
|
||||
| ITEM | DURATION | TODO | ENVIRONMENT |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| * LaTeX Configuration | | | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| * Slides | 0:47 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Introduction / Opening | 00:01 | REVIEWED | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Mobile [0/5] | 0:07 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction | 0:00 | REVIEWED | ignoreheading |
|
||||
| **** Introduction | 00:00:15 | REVIEWED | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Cell Towers [0/2] | 0:02 | REVIEWED | |
|
||||
| **** Fundamentally Needed | 00:00:45 | REVIEWED | |
|
||||
| **** Cell-Site Simulators | 00:00:45 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Wifi [0/3] | 0:01 | REVIEWED | |
|
||||
| **** ESSID and MAC Broadcast | 00:01 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Geolocation [0/3] | 0:02 | REVIEWED | |
|
||||
| **** GPS | 00:01 | REVIEWED | |
|
||||
| **** But I Want GPS! | 00:00:30 | REVIEWED | |
|
||||
| **** Location Services | 00:00:45 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Operating System [0/3] | 0:02 | REVIEWED | |
|
||||
| **** Untrusted/Proprietary OS | 00:00:45 | REVIEWED | |
|
||||
| **** Free/Libre Mobile OS? | 00:00:30 | REVIEWED | |
|
||||
| **** Modem Isolation | 00:00:30 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Stationary [0/5] | 0:08 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Surveillance Cameras [0/2] | 0:00 | DRAFT | |
|
||||
| **** Unavoidable Surveillance | | DRAFT | |
|
||||
| **** Access to Data | 00:00:30 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Internet of Things [0/4] | 0:04 | LACKING | |
|
||||
| **** Internet-Connected Cameras | 00:00:30 | DRAFT | |
|
||||
| **** The ``S'' In IoT Stands For ``Security'' | 00:01:30 | LACKING | |
|
||||
| **** Who's Watching? | 00:00:30 | DEVOID | |
|
||||
| **** Facial Recognition | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Social Media [0/1] | 0:01 | DRAFT | |
|
||||
| **** Collateral Damage | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Driving [0/3] | 0:02 | RAW | |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
| **** ALPRs | 00:01 | LACKING | |
|
||||
| **** Car Itself | 00:00:30 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** The Web [0/6] | 0:10 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction [0/1] | | DRAFT | ignoreheading |
|
||||
| **** Introduction | | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Bridging the Gap [0/1] | 0:01 | LACKING | |
|
||||
| **** Ultrasound Tracking | 00:01 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Incentive to Betray [0/1] | 0:00 | DRAFT | |
|
||||
| **** Summary | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Analytics [0/2] | 0:02 | LACKING | |
|
||||
| **** Trackers | 00:01 | LACKING | |
|
||||
| **** Like Buttons | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Fingerprinting [0/3] | 0:03 | LACKING | |
|
||||
| **** Summary | | DRAFT | |
|
||||
| **** Alarmingly Effective | 00:03 | LACKING | fullframe |
|
||||
| **** User Agent | | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Anonymity [0/4] | 0:04 | DRAFT | |
|
||||
| **** Summary | 00:01 | DRAFT | fullframe |
|
||||
| ***** Anonymity | | | |
|
||||
| ***** Pseudonymity | | | |
|
||||
| **** IANAAE | | DRAFT | fullframe |
|
||||
| **** The Tor Network | 00:01 | DRAFT | |
|
||||
| **** TorBrowser, Tails, and Whonix | 00:02 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Data Analytics [0/2] | 0:04 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Headings [0/3] | 0:04 | LACKING | |
|
||||
| **** Advertisers | 00:02 | LACKING | |
|
||||
| **** Social Media | 00:01 | DEVOID | |
|
||||
| **** Governments | 00:00:30 | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Policy and Government [0/6] | 0:12 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Surveillance [0/7] | 0:06 | LACKING | |
|
||||
| **** History of NSA Surveillance | 00:02 | DRAFT | |
|
||||
| **** Ron Wyden | | DRAFT | fullframe |
|
||||
| **** The Leak | | DRAFT | fullframe |
|
||||
| **** Verizon Metadata | 00:00:30 | DRAFT | |
|
||||
| **** PRISM | | DRAFT | |
|
||||
| **** Snowden | 00:01 | DRAFT | |
|
||||
| **** Tools | 00:02 | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Crypto Wars [0/6] | 0:04 | LACKING | |
|
||||
| **** Introduction | 00:00 | DRAFT | fullframe |
|
||||
| **** Export-Grade Crypto | 00:01:30 | DRAFT | |
|
||||
| **** Bernstein v. United States | 00:01 | DRAFT | |
|
||||
| **** The First Crypto Wars | 00:01 | DRAFT | |
|
||||
| **** Re-repeats Itself | 00:00 | DRAFT | fullframe |
|
||||
| **** Modern Crypto Wars | | DRAFT | fullframe |
|
||||
| **** ``Going Dark'' | | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Espionage [0/1] | 0:01 | LACKING | |
|
||||
| **** US Can't Keep Its Own Secrets | 00:01 | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Subpoenas, Warrants, NSLs [0/1] | 0:01 | LACKING | |
|
||||
| **** National Security Letters | 00:01 | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Law [0/1] | 0:01 | LACKING | |
|
||||
| **** Summary | 00:01 | DEVOID | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Your Fight [0/1] | 0:05 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Headings [0/6] | 0:05 | LACKING | |
|
||||
| **** Feeding | 00:00 | DRAFT | fullframe |
|
||||
| **** SaaSS and Centralization | 00:01 | DEVOID | |
|
||||
| **** Corporate Negligence | 00:01 | LACKING | |
|
||||
| **** Status Quo | 00:02 | DRAFT | |
|
||||
| **** Status Quo Cannot Hold | | DRAFT | fullframe |
|
||||
| **** Push Back | 00:01 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Thank You | | | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** References | | | appendix |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| * Exporting | | | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| * Local Variables | | | |
|
||||
#+END
|
||||
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
*Remember the themes!*:
|
||||
- Surreptitious
|
||||
|
@ -294,7 +150,7 @@ In other words: they're excellent tracking devices.
|
|||
:DURATION: 00:00:45
|
||||
:END:
|
||||
- Phone needs tower to make and receive calls
|
||||
- Gives away approximate location (can triangulate)
|
||||
- Gives away approximate location\cite{pbs:nova:boston}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
The primary reason is inherent in a phone's design:
|
||||
|
@ -303,6 +159,9 @@ A phone "needs" to be connected to a tower to make and receive calls.
|
|||
|
||||
Unless it is off or otherwise disconnected (like airplane mode),
|
||||
its connection to the cell tower exposes your approximate location.
|
||||
If the signal reaches a second tower,
|
||||
the potential location can be calculated from the signal delay.
|
||||
You can also triangulate.
|
||||
These data persist for as long as the phone companies are willing to persist
|
||||
it.
|
||||
|
||||
|
@ -607,13 +466,13 @@ So even with Replicant,
|
|||
|
||||
|
||||
** LACKING Stationary [0/5]
|
||||
*** DRAFT Introduction [0/1] :B_ignoreheading:
|
||||
*** REVIEWED Introduction [0/1] :B_ignoreheading:
|
||||
:PROPERTIES:
|
||||
:BEAMER_env: ignoreheading
|
||||
:END:
|
||||
**** DRAFT Introduction :B_fullframe:
|
||||
**** REVIEWED Introduction :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:DURATION: 00:00:15
|
||||
:BEAMER_env: fullframe
|
||||
:END:
|
||||
|
||||
|
@ -629,15 +488,18 @@ Or maybe you've mitigated those threats in some way.
|
|||
There's certain things that are nearly impossible to avoid.
|
||||
#+END_COMMENT
|
||||
|
||||
*** DRAFT Surveillance Cameras [0/2]
|
||||
**** DRAFT Unavoidable Surveillance
|
||||
*** REVIEWED Surveillance Cameras [0/6]
|
||||
**** REVIEWED Unavoidable Surveillance
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:10
|
||||
:END:
|
||||
|
||||
- Security cameras are everywhere
|
||||
- Homes
|
||||
- Private businesses
|
||||
- Traffic cameras
|
||||
- Streets
|
||||
- ...
|
||||
\cite{intercept:nyc-surveil,cbs:sf-smile,fast:das}
|
||||
- Businesses
|
||||
- Traffic
|
||||
- Streets/sidewalks
|
||||
- Public transportation
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
On the way here,
|
||||
|
@ -645,53 +507,200 @@ On the way here,
|
|||
They could be security cameras for private businesses.
|
||||
Traffic cameras.
|
||||
Cameras on streets to deter crime.
|
||||
|
||||
Let's set aside local, state, and federal-owned cameras for a moment
|
||||
and focus on businesses.
|
||||
So a bunch of separate businesses have you on camera.
|
||||
So what?
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** DRAFT Access to Data
|
||||
|
||||
**** REVIEWED Private Cameras in Plain View; Tinerloin, SF
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:END:
|
||||
|
||||
- <1> Data can be subpoenaed or obtained with a warrant
|
||||
- <1> If law enforcement wants to track you, they can
|
||||
- <2> If you own a surveillance system, be responsible and considerate
|
||||
- <2> Best way to restrict data is to avoid collecting it to begin with
|
||||
#+BEGIN_CENTER
|
||||
#+ATTR_LATEX: :height 1.25in
|
||||
[[./images/sf-cameras.jpg]]
|
||||
\incite{cbs:sf-smile}
|
||||
#+END_CENTER
|
||||
|
||||
#+BEGIN_QUOTE
|
||||
``The idea that you can sort of meet in a public place and quietly have a
|
||||
conversation that we’re sort of accustomed to from spy movies, that is
|
||||
really not realistic anymore,'' ---Nadia Kayyali, EFF
|
||||
#+END_QUOTE
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Well one of the most obvious threats, should it pertain to you, is a
|
||||
subpoena.
|
||||
If law enforcement wanted to track you for whatever reason---crime or
|
||||
not!---they could simply subpoena the surrounding area.
|
||||
This is a map of private surveillance cameras in plain view around SF's
|
||||
Tenderloin neighborhood.
|
||||
Obviously your city or town might be different.
|
||||
Could be worse, even.
|
||||
And again, these are just the ones that the DA's office found in
|
||||
/plain view/!
|
||||
|
||||
According to them,
|
||||
people who live in this neighborhood could be on camera dozens of times in
|
||||
a single day.
|
||||
|
||||
Alright, so a bunch of private entities have you on camera;
|
||||
So what?
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** REVIEWED Access to Data
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01
|
||||
:END:
|
||||
|
||||
- <1-> Data can be obtained with a warrant or subpoena
|
||||
- <2-> Data can be compromised
|
||||
- <3-> Chilling effect
|
||||
- <4-> **If you own a surveillance system, be responsible and considerate**
|
||||
- <4-> Best way to restrict data is to /avoid collecting it to begin with/
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Well one of the most obvious threats,
|
||||
should it pertain to you,
|
||||
is a warrant or subpoena.
|
||||
|
||||
Most of us aren't going to have to worry about a crime.
|
||||
Data can be compromised.
|
||||
And it isn't possible for you to audit it;
|
||||
you have no idea who has you on camera.
|
||||
|
||||
This creates a chilling effect.
|
||||
You're going to act differently in public knowing that someone might be
|
||||
watching,
|
||||
or could be watching later on if recorded.
|
||||
And some will be paranoid---you don't know if cameras are around.
|
||||
|
||||
If you have a surveillance system,
|
||||
or any sort of public-facing cameras,
|
||||
please be considerate.
|
||||
If you only care who is on your property,
|
||||
don't record the sidewalk in front of your house.
|
||||
Or at least restrict motion detection to your property.
|
||||
The best form of privacy is to avoid having the data be collected to begin
|
||||
with.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
*** LACKING Internet of Things [0/4]
|
||||
**** DRAFT Internet-Connected Cameras
|
||||
**** REVIEWED Domain Awareness System (Intro) :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:BEAMER_env: fullframe
|
||||
:END:
|
||||
|
||||
- Cameras used to be ``closed-circuit''
|
||||
- Today\ldots not always so much
|
||||
#+BEGIN_CENTER
|
||||
#+BEGIN_LATEX
|
||||
\only<1>{What if all those cameras---including private---were connected?}
|
||||
\only<2>{NYPD---Domain Awareness System}\cite{nyc:pspg}
|
||||
\only<3>{
|
||||
#+END_LATEX
|
||||
#+BEGIN_QUOTE
|
||||
Although NYPD documents indicate that the system is specifically designed
|
||||
for anti-terrorism operations, any incidental data it collects ``for a
|
||||
legitimate law enforcement or public safety purpose'' by DAS can be
|
||||
utilized by the police department.\cite{fast:das}
|
||||
#+END_QUOTE
|
||||
#+LATEX: }
|
||||
#+END_CENTER
|
||||
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
...but what if law enforcement didn't have to go door-to-door?
|
||||
|
||||
Let's talk about the NYPD's Domain Awareness System.
|
||||
|
||||
It was designed in part from the usual unjustifiable and irrational response
|
||||
to terrorism threats after 9/11.
|
||||
But any ``incidental data'' can be used by law enforcement.
|
||||
Yeah, sounds familiar; business as usual.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** REVIEWED Domain Awareness System
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01
|
||||
:END:
|
||||
|
||||
- <1-> Partnership between the NYPD and Microsoft at a cost of $230M
|
||||
in\nbsp{}2013\cite{reuters:nypd-das,nyc:pspg}
|
||||
- <1-> Surveillance cameras, license plate readers, radiation detectors,
|
||||
911\nbsp{}system, criminal records, \ldots
|
||||
- <2-> \gt 6,000 surveillance cameras, $2\over 3$ private
|
||||
businesses\cite{reuters:nypd-das,pbs:nova:boston}
|
||||
- <3-> Database of over 16\nbsp{}million plates,
|
||||
every car going into Lower Manhatten\cite{reuters:nypd-das,pbs:nova:boston}
|
||||
- <4-> Can search in seconds for terms like
|
||||
``red baseball cap''\cite{reuters:nypd-das,pbs:nova:boston}
|
||||
- <4-> Detects ``suspicious behaviors'' like unattended bags and
|
||||
circling cars\cite{reuters:nypd-das,pbs:nova:boston}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
The Domain Awareness System is a partnership between Microsoft and the NYPD.
|
||||
It's mammoth.
|
||||
It's pretty amazing---it's like science fiction.
|
||||
But I care about privacy,
|
||||
so instead I'm going to use adjectives like ``Orwellian''.
|
||||
|
||||
It contains over six thousand security cameras,
|
||||
over two-thirds of which are private closed-circuit cameras.
|
||||
It includes license plate readers that record everyone going into Lower
|
||||
Manhattan, along with a database of over sixteen million license plates.
|
||||
It can search in seconds for very specific terms,
|
||||
like ``red baseball cap'',
|
||||
and it can monitor for suspicious behaviors,
|
||||
like unattended bags,
|
||||
or cars circling an area.
|
||||
If it finds an unattended bag,
|
||||
you can rewind to find who left it.
|
||||
|
||||
A lot of us are programmers---
|
||||
think about the realtime analysis of all of these frames.
|
||||
It really is a fascinating field to work in.
|
||||
But there's serious ethical concerns with how it's applied.
|
||||
|
||||
This thing also integrates the 911 system, radiation detectors, criminal
|
||||
records, etc.
|
||||
|
||||
This is the direction we're heading in---
|
||||
these things will only spread.
|
||||
In fact,
|
||||
the NYPD will get 30% of the profits from selling it to others.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** DEVOID Automated License Plate Readers (ALPRs)
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00
|
||||
:END:
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
So before we leave the topic of government surveillance for a little bit,
|
||||
I want to talk about automated license plate readers.
|
||||
These things are a widespread, nasty threat to privacy,
|
||||
and they don't need a sophisticated Domain Awareness System to deploy.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
*** DRAFT Internet of Things [0/4]
|
||||
**** REVIEWED Internet-Connected Cameras
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:45
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+BEAMER: \only<1>{Cameras used to be ``closed-circuit''}
|
||||
#+BEAMER: \only<2>{Today\ldots not always so much}
|
||||
#+END_CENTER
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
In the past, these cameras were "closed-circuit"---
|
||||
they were on their own segregated network.
|
||||
You'd _have_ to subpoena the owner,
|
||||
You'd _have_ to subpoena the owner or get a warrant,
|
||||
or otherwise physically take the tape.
|
||||
|
||||
Today, that might be the intent, but these cameras are often
|
||||
Today...that might be the intent, but these cameras are often
|
||||
connected to the Internet for one reason or another.
|
||||
It might be intentional---to view the camera remotely---or it may just be
|
||||
how it is set up by default.
|
||||
It might be intentional---to view the camera remotely or on a device---or it
|
||||
may just be how the camera is set up by default.
|
||||
|
||||
Well...
|
||||
Let's expand our pool of cameras a bit.
|
||||
|
@ -701,14 +710,17 @@ Home security systems.
|
|||
Baby monitors.
|
||||
#+END_COMMENT
|
||||
|
||||
**** LACKING The ``S'' In IoT Stands For ``Security''
|
||||
**** REVIEWED The ``S'' In IoT Stands For ``Security''
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01:30
|
||||
:DURATION: 00:01
|
||||
:END:
|
||||
|
||||
- Shodan---IoT search engine
|
||||
- Mirai
|
||||
- ...<other concerns>
|
||||
- <1-> Shodan---IoT search engine\cite{shodan}
|
||||
- <2-> You'll also find other interesting things. Secure your databases.
|
||||
\cite{krebs:mongodb}
|
||||
- <2-> Can search for specific devices
|
||||
- <2-> If you are vulnerable, someone will find you
|
||||
- <3-> Top voted search was ``Webcam'' when I was writing this slide
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Who here has heard of Shodan?
|
||||
|
@ -716,65 +728,135 @@ Who here has heard of Shodan?
|
|||
Shodan is a search engine for the Internet of Things.
|
||||
It spiders for Internet-connected devices and indexes them.
|
||||
Okay, that's to be expected.
|
||||
Maybe that wouldn't be a problem if people knew proper NAT configuration
|
||||
that isn't subverted by UPnP.
|
||||
Maybe it wouldn't be a problem if these devices even gave a moment of
|
||||
Maybe that wouldn't be a problem if NAT configuration weren't subverted by
|
||||
UPnP.
|
||||
Or maybe it wouldn't be a problem if these devices even gave a moment of
|
||||
thought to security.
|
||||
|
||||
It also indexes other interesting things.
|
||||
For example,
|
||||
it was used to find unsecured MongoDB instances so that the attackers
|
||||
could hold data for ransom.
|
||||
Secure your databases.
|
||||
|
||||
So people can find your stuff.
|
||||
If an attacker knows that some device is vulnerable,
|
||||
Shodan can be used to search for that device.
|
||||
|
||||
At the time I was writing this,
|
||||
the top voted search under "Explore" was "Webcam".
|
||||
Followed by "Cams", "Netcam", and "default password".
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** DEVOID Who's Watching?
|
||||
**** DRAFT Who's Watching?
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:END:
|
||||
|
||||
- Insecam
|
||||
- <Add information>
|
||||
- Insecam is a directory of Internet-connected surveillance
|
||||
cameras\cite{insecam}
|
||||
- Live video feeds (browser connects directly to cameras)
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
But Shodan isn't the only thing out there.
|
||||
Anyone heard of Insecam?
|
||||
|
||||
It's a site that aggregates live video feeds of unsecured IP cameras.
|
||||
I can tell you personally that you feel like a scumbag looking at the site.
|
||||
There's fascinating things on there.
|
||||
And sobering ones.
|
||||
And creepy ones.
|
||||
Restaurants---families eating dinner; chefs preparing food in the back.
|
||||
Public areas---beaches, pools, walkways, city streets.
|
||||
Private areas---inside homes; private businesses. Hotel clerks sitting
|
||||
behind desks on their cell phones. Warehouses.
|
||||
Behind security desks.
|
||||
Behind cash registers.
|
||||
Hospital rooms.
|
||||
Inside surveillance rooms where people watch their surveillance system!
|
||||
With armed guards!
|
||||
Scientific research: people in full dress performing experiments.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** DRAFT Insecam Example 1 :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:BEAMER_env: fullframe
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+ATTR_LATEX: :height 1in
|
||||
[[./images/insecam-01.png]]
|
||||
#+LATEX: \hspace{0.1in}
|
||||
#+ATTR_LATEX: :height 1in
|
||||
[[./images/insecam-06.png]]
|
||||
|
||||
#+ATTR_LATEX: :height 1in
|
||||
[[./images/insecam-03.png]]
|
||||
#+LATEX: \hspace{0.1in}
|
||||
#+ATTR_LATEX: :height 1in
|
||||
[[./images/insecam-05.png]]
|
||||
#+END_CENTER
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Here are some examples.
|
||||
I blurred any identifying features for privacy.
|
||||
|
||||
We have surveillance rooms where people watch their surveillance system!
|
||||
Inception-kinda thing going on here.
|
||||
Also doesn't help that they are watching the TV on the wall too.
|
||||
|
||||
There's many public swimming pools.
|
||||
|
||||
Elevator are awkward enough to begin with.
|
||||
How about someone watching you in such a vulnerable space?
|
||||
|
||||
A photolithography lab.
|
||||
#+END_COMMENT
|
||||
|
||||
**** DRAFT Example 2 :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:BEAMER_env: fullframe
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+ATTR_LATEX: :height 1in
|
||||
[[./images/insecam-02.png]]
|
||||
#+LATEX: \hspace{0.1in}
|
||||
#+ATTR_LATEX: :height 1in
|
||||
[[./images/insecam-04.png]]
|
||||
#+END_CENTER
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
If you thought those were personal.
|
||||
|
||||
Inside hospital rooms.
|
||||
This patient has an ice pack strapped to the side of her face.
|
||||
|
||||
How about inside someone's home?
|
||||
This looks to be a bedroom.
|
||||
There is a family photo on the wall that's in view.
|
||||
|
||||
I saw someone at the dentist getting a teeth cleaning.
|
||||
Anything you can think of.
|
||||
You can literally explore the world.
|
||||
There are some beautiful sights! Absolutely gorgeous.
|
||||
They remove things that are too deeply personal.
|
||||
Assuming someone reports it.
|
||||
I didn't copy that photo at the time.
|
||||
|
||||
This is an excellent example to demonstrate to others why this is such a big
|
||||
deal.
|
||||
|
||||
So that's what your average person can do.
|
||||
That's what some of you are going to be doing as soon as you leave this
|
||||
talk, if you haven't started looking already!
|
||||
|
||||
That's what law enforcement is going to do.
|
||||
That's what the NSA, GHCQ, et. al. are going to do.
|
||||
Especially those home cameras.
|
||||
I wish I knew whose camera that was,
|
||||
so that they could be notified.
|
||||
These people are unaware.
|
||||
And these manufactuers set them up for this.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** DRAFT Facial Recognition
|
||||
**** REVIEWED Biometrics
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01
|
||||
:DURATION: 00:00:45
|
||||
:END:
|
||||
|
||||
- <1-> Humans no longer need to scour video feeds
|
||||
- <2-> Facial recognition widely used even for entertainment
|
||||
- <3-> No face? Check your gait.
|
||||
- <1-> Humans no longer need to scour video
|
||||
feeds\cite{eff:facial-tech,churchix,facefirst,pbs:nova:boston}
|
||||
- <1-> Facial recognition widely used, even for
|
||||
mobile\nbsp apps\cite{register:fb-scan,eff:ios-photo-diff,eff:fbi-bio}
|
||||
- <2-> NYPD has a gallery of over 4M individuals\cite{pbs:nova:boston}
|
||||
- <2-> Quality can be low and pixelated; various machine learning
|
||||
algorithms\cite{pbs:nova:boston,wired:pixel-face,arxiv:google-pixel-res}
|
||||
- <3-> No face? Check your gait.\cite{ieee:gait,ijca:gait}
|
||||
- <4-> No gait? Well\ldots whatever, just ask Facebook.\cite{newsci:fb-noface}
|
||||
- <5-> Even fingerprints and iris from high-resolutions photos\cite{bio:iris}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Now let's couple that with facial recognition.
|
||||
|
@ -785,27 +867,37 @@ People don't need to manually look for you anymore;
|
|||
it's automated.
|
||||
Hell, any of us can download a free (as in freedom) library to do facial
|
||||
recognition and train it to recognize people.
|
||||
Facebook famously got creepy by saying it could recognize people by their
|
||||
dress and posture, from behind.
|
||||
It doesn't even have to be clear---
|
||||
there's machine learning algorithms to reconstruct pixelated faces with
|
||||
somewhat decent accuracy to be useful.
|
||||
The NYPD has over 4 million people's images in a database that they compare
|
||||
against during facial recognition.
|
||||
|
||||
You don't need facial recognition, though.
|
||||
Don't have a face?
|
||||
You can also be identified by your gait.
|
||||
No gait?
|
||||
Facebook famously got even creepier by saying it could recognize people by
|
||||
their dress, posture, and hair, without seeing their face.
|
||||
|
||||
Your fingerprints and iris data can even be extracted from high-resolution
|
||||
photos;
|
||||
a cracker used such a method to defeat Apple's TouchID by making a mould.
|
||||
|
||||
There's a lot to say about IoT.
|
||||
There's a lot more to say about IoT.
|
||||
We'll come back to it.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
*** DRAFT Social Media [0/1]
|
||||
**** DRAFT Collateral Damage
|
||||
*** REVIEWED Social Media [0/1]
|
||||
**** REVIEWED Collateral Damage
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01
|
||||
:DURATION: 00:00:45
|
||||
:END:
|
||||
|
||||
- <1-> Don't put pictures of me on Facebook
|
||||
- <1-> Don't put pictures of my children _anywhere_
|
||||
- <2-> That person in the distance that happens to be in your photo has
|
||||
been inflicted with collateral damage
|
||||
- <1-> Please don't put pictures of me on Facebook\cite{rms:facebook}
|
||||
- <1-> Don't put pictures of my children _anywhere_\cite{techcrunch:fb-baby}
|
||||
- <2-> That person in the distance is collateral
|
||||
damage\cite{register:fb-scan,guardian:fb-scan,pbs:nova:boston}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
So you don't have any unsecured IoT cameras in your home.
|
||||
|
@ -815,10 +907,6 @@ But you do have unsecured people running wild with their photos and their
|
|||
|
||||
I'm sure you've heard a frequent request/demand from rms:
|
||||
"Don't put pictures of me on Facebook."
|
||||
This applies to all social media, really.
|
||||
I just mentioned facial recognition---
|
||||
this is precisely what Facebook (for example) made it for!
|
||||
To identify people you might know to tag them.
|
||||
It's excellent surveillance.
|
||||
What irks me is when people try to take pictures of my kids,
|
||||
or do and ask if they can put them online.
|
||||
|
@ -841,14 +929,16 @@ If I'm off in the background when you take a picture of your friends in the
|
|||
:BEAMER_env: fullframe
|
||||
:END:
|
||||
|
||||
- Do you drive a vehicle?
|
||||
#+BEGIN_CENTER
|
||||
Do you drive a vehicle?
|
||||
#+END_CENTER
|
||||
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Okay.
|
||||
So you have no phone.
|
||||
You sneak around public areas like a ninja.
|
||||
Like a vampire, you don't show up in photos.
|
||||
You don't show up in photos like a vampire.
|
||||
And you have no friends.
|
||||
|
||||
So how else can I physically track you in your travels here?
|
||||
|
|