Showing posts with label surveillance. Show all posts
Showing posts with label surveillance. Show all posts

Monday, September 2

Pranksters

Dutch-Iranian filmmaker Bahram Sadeghi called the National Security Agency for assistance in tracking down an email that had been accidentally deleted, as described by Brian Fung in the Washington Post. The first NSA staffer was professional, going beyond the call of duty, patiently explaining that the agency could not help.

"We're not going to be able to retrieve something that you deleted. That's not what we do." He then goes on to explain that he was born in Iran, and perhaps is "a person of interest for NSA."  She insisted that is not what NSA does, and repeatedly asked for the caller's name and server. When Sadeghi requests additional assistance, the next NSA staffer is stern, no-nonsense and quickly disconnects the prank call.

Expect other pranksters, comedians or the loose-knit members of Anonymous to soon pile on with ridiculous calls and emails. Jokers claiming to be Iranian, Pakistani or Ohioan will include phrases designed to capture attention, with the hopes of overwhelming the surveillance machine. A small group working non-stop for a few hours, could send out thousands of notes to other email users with a cryptic phrase along the lines, "The attack begins 5 pm Friday..," referring to a marketing campaign, party or some other event. While it might be regarded as sedition for citizens to thwart their own nation's security apparatus, in a global world of communications, those opposed to surveillance could organize - US citizens prank-calling Britain's M16 or GCHQ or China's MSS just as a Dutch-Iranian filmmaker reached out to the NSA.

Recipients of calls or emails would have to be friends or acquaintances, at least in the United States. For example, the terms of agreement for most ISP accounts prohibit spam. "Federal law says that some spam may be lawful," according to attorney Timothy Walton on Internet Law Radio.  "Congress, in passing the CAN-Spam Act [of 2003], said that it is lawful to send spam if it does not run afoul of the specifics of the law, which generally means that it’s not deceptive, false or misleading." Successful suits by the internet service providers or the FTC could impose penalties per message sent, though the law is not widely enforced.

We can expect the NSA debacle to lead to new enforcement, language, secretive behaviors and efforts to maintain privacy of email addresses, along the lines of do-not-email lists, such as the US Do-Not-Call Registry, started in 2003 and already used by many telephone customers or unlisted numbers. Businesses will emerge to provide - or claim to provide - the desired phone numbers or emails.  

Federal law in the United States allows recording of phone calls and other electronic communications with the consent of at least one party to the call, according to a fact sheet on "Wiretapping and Eavesdropping on Telephone Calls" from the Privacy Rights Clearinghouse. Telephone company and employers can listen to and record your calls as well. "To stay within the law, you may wish to refrain from taping calls you make, but be aware that in certain situations others may be recording your conversations with them," the fact sheet advises.

Who's at risk for illegal wiretapping?  According to the fact sheet, those who are "in a position where others might benefit from listening" to the calls: high-stakes corporate, political or legal organizers or planners.

The Can-Spam Act of 2003 and Do Not Call Registry offer guidelines on sending behavior compliance but neglect receiver compliance. In July of 2003, I described the public frustration with telemarketing calls and spam in an opinion essay for the Hartford Courant, "Running Rings Around Telemarketers":  

One day, after our family dinner was interrupted by the third telemarketing call, I recognized an opportunity. At first, I let my voice catch, telling the telemarketer that I was unemployed and losing my home But I quickly realized the need for a better line after the eager salesman assured me that my credit was still in good standing....

'Every telemarketer has their favorite story about the tough customer, the funny customer,' says Tim Searcy, executive director of the American Telemarketers Association.... Searcy also says that telemarketers are trained to handle difficult calls with a polite farewell and an end to the connection.

I was cut from the list of companies selling long-distance telephone services, after callers asked to speak to the decison-maker of the household and I explained that our decision-maker was Bimp, the cat. My offer to translate was politely declined.

At the time, I wrote that consumers can't depend on lists and laws to protect them. Lists are ignored and laws are broken.

Many are determined to prove that mass surveillance is pointless and a waste of money. As Chris Chambers warns in the Guardian, "a warning: indiscriminate intelligence-gathering presents a grave risk to our mental health, productivity, social cohesion, and ultimately our future."

Citizens irritated about telemarketing or surveillance will find ways to needle the unwanted callers, spammers or listeners with uncivil language or acts of civil disobedience.

Wednesday, August 21

Privacy

At least one major telecommunications firm - the one I depend on - has changed its privacy policy to advise customers that they must comply with government requests to collect our connections and data.  The privacy policy was updated soon after a former National Security Agency contract worker exposed secret surveillance programs involving telecommunications firms.

Siobahn Gorman and Jennifer Valentino-DeVries report for the Wall Street Journal: 

"The National Security Agency - which possesses only limited legal authority to spy on U.S. citizens - has built a surveillance network that covers more Americans' Internet communications than officials have publicly disclosed, current and former officials say. The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence.... The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies. Blarney, for instance, was established with AT&T Inc., T -0.92%former officials say."

So I called AT&T today, introduced myself as a customer and asked if my data had been passed on to the NSA. My call was forwarded to the president's office and customer service.

"Customer service has no way of finding this out," responded the young man. "This is way beyond the scope of customer service." He added it was his understanding that the company was complying to "a legal request" of a government agency.  "The company has no choice but to participate and we can't share with you the level of participation."

As explained in previous blog entries, a mystery author who researches and writes about Afghanistan and terrorism and women's rights has reason to be concerned about compromised data and content. Notably, the new contract with my publisher prohibits submission of manuscripts by email and requests submission by physical disk and mail. Authors, business owners and anyone who prepares creative content can no longer trust that their trade and creative secrets are safe from government prying or abuse of unscrupulous government employees.  

The privacy policy is an eyeopener:

We may provide Personal Information to non-AT&T companies or other third parties for purposes such as:
  • Responding to 911 calls and other emergencies;
  • Complying with court orders and other legal process;
  • To assist with identity verification, and to prevent fraud and identity theft;
  • Enforcing our agreements and property rights; and
  • Obtaining payment for products and services that appear on your AT&T billing statements
 The policy also points out it collects "anonymous and aggregate data" from customers on its own, separate from government surveillance requests:

  • We collect some information on an anonymous basis. We also may anonymize the personal information we collect about you.
  • We obtain aggregate data by combining anonymous data that meet certain criteria into groups.
  • When we employ non-AT&T companies to anonymize or aggregate data on our behalf, the requirements for sharing Personal Information with non-AT&T companies apply.
  • We may share aggregate or anonymous information in various formats with trusted non-AT&T entities, and may work with those entities to do research and provide products and services.

The policy also allows the company to keep "information about you in our business records while you are a customer, or until it is no longer needed for business, tax, or legal purposes." We cannot say we weren't warned, and we deserve as much for years of ignoring terms of agreement for software and services.

One contradictory aspect of the policy, though, is under the section on Customer Privacy Controls and Choices: "You can review and correct your Personal Information collected by us."  But how can we manage that if the company is prohibited from telling us what is being collected and how it is interpreted?


In calling AT&T corporate offices, the phone message responds: "Our vision is to connect people with their world and to do it better than anyone else."

AT&T: Your World Delivered. To the NSA?