Surveil-links March 9, 2021: China Brings Surveillance to the Living Room, Tech Company is Providing Nation-wide License Plate Readers, and more
Here are this week’s surveil-links: reading and summarizing the latest news in digital privacy so you don’t have to.
You can easily, and slightly more privately, navigate to each link by browsing to “surveil.link/” followed by the link’s corresponding number. For example, surveil-link #12 can be found at surveil.link/12.
According to the Washington Post, law enforcement officers across the U.S. made over 20,000 requests to Amazon's Ring last year for footage captured by their doorbell cameras installed in consumer homes. One such instance was covered in surveil-link #34. Michael D'Angelo, a retired captain with South Miami police, told the Post that the ubiquitous adoption of the cameras have "given us a profound amount of evidence for crimes that used to fall by the wayside. But we didn’t put as much thought into how these systems could be used against us."
In August of last year, the Intercept reported on a leaked FBI memo that indicated the agency sees the chance of the cameras catching their faces as "a risk to their present and future safety." D'Angelo suggested that police use "WiFi jammers" to inhibit the use of the doorbells while police are on site. The Post also points to another FBI document in which a search was thwarted by home surveillance because the agents worried the suspect would detect their presence.
Surveil-link #76: Walgreen's, CVS, and Walmart leverage vaccine distribution to generate more surveillance capital
The Wall Street Journal reports on the lengths patients must go through to get the COVID vaccine at Walgreen's, CVS, and Walmart, and the effects that may have on their privacy. As many privacy advocates pointed out on Twitter, the opening line of the article pretty much sums it all up: "Administering Covid-19 vaccines comes with a valuable perk for retail pharmacies: access to troves of consumer data." All three of the companies are part of a federal program to expedite the distribution of the vaccine, and all three require vaccine patients to have accounts of their websites. The article states that "the retailers say they are using the information to promote their stores and services, tailor marketing and keep in touch with consumers."
CVS reports that eight million people who were tested for COVID in their facilities were not CVS customers previously. The COO of CVS told the Journal, "Every one of these customers is coming through our digital front end, so we have their email, we have their text message, and we have the ability to communicate with them regularly." CVS also said they are actively encouraging those new customers to sign up for their rewards program while they wait. The other two retailers are taking similar approaches.
Surveil-link #77: Google says it will stop tracking users based on browsing history. The EFF calls their bluff.
Last week, Google announced that once its Chrome browser phases out third-party cookies, they "will not build alternate identifiers to track individuals as they browse across the web." Instead, they will place users in "cohorts" of people that appear to have a similar interests and target ads to those cohorts rather than individuals. If that sounds only slightly better, it's because at first glance it is, and the EFF argues that it will do little to make the current privacy woes of targeted advertising go away.
Surveil-link #78: Myanmar military using surveillance tech acquired under democratic rule to assist in coup
The New York Times reports on the surveillance technology being used by the Myanmar military as they further their control over the country. Much of the tech was obtained by the military under the country's previous government from many western companies. “Even under a civilian government, there was little oversight of the military’s expenditure for surveillance technology,” said Ko Nay Yan Oo, a researcher with knowledge of the Myanmar military. As the Times puts it: "Hundreds of pages of Myanmar government budgets for the last two fiscal years viewed by The New York Times show a voracious appetite for the latest in military-grade surveillance technology."
Many post-coup arrest warrants viewed by the Times show the police using social media posts and the "individual addresses of their internet hookups to find where they live." Such a tactic would be trivial for law enforcement in the United States, but according to the Times, "Such detective work could only have been carried out by using specialized foreign technology, according to experts with knowledge of Myanmar’s surveillance infrastructure."
Vendors of the technology apparently being used, such as Israel's Cellebrite and Sweden's MSAB, pulled their business dealings out of Hong Kong when it became clear their technologies were being used in abuses of human rights. And according to them, they have done so in Myanmar as well. Cellebrite claims to have stopped selling there in 2018 and doesn't sell in countries sanctioned by the U.S. EU, U.K., or Israeli governments. But it appears that the acquisition of their tech by Myanmar military may be happening through third-party intermediaries.
Motherboard reported last week on the Total Analytics Law Officers Network, or TALON, a network of surveillance cameras equipped with software that can automatically read car license plates and identify which cars are in a given neighborhood. The cameras are sold by Flock, a company started in 2017 by Garrett Langley, a victim of property crime determined to "eliminate crime." The company advertises their product in the name of safety to public and private entities alike including police departments, home owners associations, and business districts. The article also cites police departments working with large stores to install the cameras in their parking lots and many police departments claim the tech has helped them catch several criminals.
But it is the nation-wide surveillance that Flock is enabling that worries privacy advocates. The TALON program allows police departments to share the cameras they have access to with the rest of the network to enable the tracking of cars across the country. One police Sargeant in Raleigh, North Carolina called it "the Ring doorbell of [license plate readers]." Flock apparently plans to roll out a feature which would allow officers to take a photo of a car and see where it has been in the TALON network. Motherboard quoted representatives from the Electronic Frontier Foundation, the ACLU, and the Technology and Social Change Research Project all voicing concerns over the impact on privacy, civil liberties, and equity the program could have.
In surveil-link #15 I detailed the cameras that Amazon has deployed to some of its delivery vehicles which capture a 270 degree view including the driver and the houses on either side of the vehicle. Well, Senators Markey, Blumenthal, Sanders, Booker, and Warren caught wind too and they're concerned. In a letter to Jeff Bezos, the company's founder and outgoing CEO, the Senators write, "We are concerned that adding further surveillance tools and monitoring could increase dangers on America’s roads, place unsafe pressure on drivers, and infringe on individuals’ privacy rights."
They go on to say, "While we applaud efforts to improve safety on the roads and decrease the plague of distracted driving, we need a better understanding of how your company will protect against potential new safety hazards stemming from increased worker surveillance." The letter concludes with a request of written answers to 15 questions pertaining to the deployment of the cameras. Bezos have until March 24 to respond.
Surveil-link #81: Tunisian students boycott final exams over increased police surveillance on campus
The General Union of Tunisian Students called for university students across Tunisia boycott their final exams in protest against increased police surveillance and interrogation, Al-Fanar Media reports. In January, students gathered to demonstrate in commemoration of the tenth anniversary of th revolution that toppled the country's former President Zine el-Abidine Ben Ali. According to Aljazeera over 1,000 were arrested and these students claim campus police have been surveilling them more heavily ever since.
The Hindu reports that the Indian Cyber Crime Coordination Centre (I4C) has begun soliciting citizens to volunteer as "Cyber Crime Citizens." Their job will be to notifcy the agency of illegal online content. The program is currently being tested with plans to be deployed across the entire country.
The Hindu notes that this type of surveillance takes away the hierarchical power dynamic that typically comes when citizens are being watched by the government. Instead, this form of lateral surveillance removes any clear imbalances of power and has been employed in society for a long time. But the Hindu warns that problems arise when it is state sponsored, such as this. The Hindu argues that it "creates a culture of hate, fear, and constant suspicion" and will further "intolerance, prejudice, xenophobia, and casteism . . . while also violating the fundamental right to privacy."
In an article entitled "At Dubai airport, travelers' eyes become their passports," the AP reports that the world's busiest airport, Dubai, has rolled out the use of iris scanners to identify travelers when entering or leaving the country. The transaction requires no human interaction, making it attractive in the midst of a global pandemic, but it has rightly raised privacy concerns, especially having been deployed in a country with the most surveillance cameras in the world and a history of deploying spyware on journalists and activists phones.
The privacy statement around the technology simply states that the passenger data, including their passport and flight information will be retained "as long as it is reasonably necessary for the purposes for which it was collected." It offered little information about how that data will be stored. Dubai's immigration office claims it "completely protects" the data, but that has many privacy and surveillance experts raising an eyebrow.
Last month, the Cambodian government adopted a decree that will establish a new gateway that all the country's internet traffic will passthrough. A group of activists wrote a statement expressing concerns that the gateway will "[facilitate] monitoring and surveillance of internet activity, [empower] the interception and censorship of digital communications, and [enable] the collection, retention and sharing of personal data, thus fundamentally threatening the rights to privacy, freedom of expression and information."
Specifically in regards to surveillance, the statement argues the government is further "[enabling] a system capable of maximum surveillance with minimum oversight, thereby bolstering Cambodia’s already over-bearing surveillance powers in violation of the right to privacy." The executive director of the Cambodian Center for Human Rights, Chak Sopheap, noted the following on Twitter:
The Cambodian government fired back arguing the concerns are "unfounded, politically motivated, untrue and contradictory to the objectives" of the internet gateway.
Vice reports on an investigation released by Privacy International that shows the extent that the U.K.'s agency tasked with reveiwing and distributing social security and other welfare safety nets, Department for Work and Pensions, is surveiling many claimants in attempt to find fraud. The surveillance happens by obtaining information about the subject's spending habits from private companies and even physically following them.
One such person had received treatement of a condition for which she was receiving benefits. The treatment provided intermittent relief but DWP informed her that her benefits would not change unless otherwise determined by her reassessment date, several years down the line. But months later she was called in by DWP where they presented her with data of purchases she had made and even footage of her entering a public fundraising event. One purchase they highlighted was an upgraded flight, which the subject needed due to her condition. The event they filmer her entering was for her and she couldn't stay the whole time. She left the interview in tears.
In a DWP handbook obtained and analyzed by Privacy International, it gives DWP officials permission to perform this sort of surveillance as long as it stays "covert, but not intrusive." DWP claims that Privacy International's report "grossly mischaracterises the use, and extent, of DWP powers."
The Salt Lake Tribune reports that the Utah State Senate voted unanimously in favor of a bill that would establish a state privacy officer as well as a privacy commission. The commission would review all surveillance technology requests by all states agencies for civil liberty and privacy concerns and then make a recommendation to the Legislature. This model is very similar to the one implemented in Oakland, California and that is currently being considered in many cities including San Diego, California. It comes after the state contracted with Banjo, a tech startup based in Park City, Utah, only to later find out the company had ties to white supremacist groups.
The New York Times reports that Germany's BfV intelligence agency is increasing its surveillance of the Alternative for Germany (AfD), a party with far-right sympathies that rose in prominence after Chancellor Angela Merkel allowed more than one million refugees to enter the country in 2015. Since then, it has gained representatives in all of Germany's regional assemblies and parliment. The party also opposes the European Union, supports Donald Trump, and sympathized with those that stomred the U.S. Capitol on January 6, 2021.
The AfD is the first German political party to be subject to national government surveillance since the Nazi era and plans to fight the move in court. The move was welcome by many political opponents.
Is there a Chinese equivilent to the Christian mantra of "you are your brother's keeper?" If so, the Chinese government's Sharp Eyes program take it to new extremes by placing surveillance feeds of publicly-placed cameras in the homes of ordinary citizens to surveil their neighbors and report anything they may find suspicious. According to One Zero, the program started in Pingyi County, about seven hours north of Shanghai, in 2013 but now covers close to 100% of rural areas in the country. Apparently, the program is meant to share the load from smaller police departments to citizens.
According to One Zero, "One Pingyi resident in the state media article spoke of reporting a collapsed manhole cover, while another mentioned that they had suspected a multilevel marketing scheme happening in a nearby building."
Other notable links
Surveil-link #92: New York Time Editorial Board calls for "comprehensive federal privacy legislation" requiring users to opt-in sharing their information. Calls Apple's new privacy prompts a "welcome change."
If you enjoyed today’s surveil-links, there are three ways to support Surveillance Today:
Tell your friends and family about it.
Buy some merch.
If you haven’t already, subscribe! What are you waiting for?