Here are a few stories that were published while I was on break concerning security and privacy issues related to the CIA, biometrics, voicemail and air travel.
Associated Press: NYPD confirms CIA officer works at department
New York’s police commissioner confirmed Thursday that a CIA officer is working out of police headquarters there, after an Associated Press investigation revealed an unusual partnership with the CIA that has blurred the line between foreign and domestic spying. But he and the CIA said the spy agency’s role at the department is an advisory one.
Speaking to reporters in New York, commissioner Raymond Kelly acknowledged that the CIA trains NYPD officers on “trade craft issues,” meaning espionage techniques, and advises police about events happening overseas. Kelly also said he was unaware of any other U.S. police department with a similar relationship with the CIA. […]
CIA spokeswoman Jennifer Youngblood said the agency does not spy inside the United States and also described the relationship with the CIA as collaborative. […]
A months-long investigation by the AP, published Wednesday, revealed that the NYPD has dispatched teams of undercover officers, known as “rakers,” into minority neighborhoods as part of a human mapping program, according to officials directly involved in the program. They’ve monitored daily life in bookstores, bars, cafes and nightclubs. Police have also used informants, known as “mosque crawlers,” to monitor sermons, even when there’s no evidence of wrongdoing. NYPD officials have scrutinized imams and gathered intelligence on cab drivers and food cart vendors, jobs often done by Muslims.
Many of the operations were built with help from the CIA, which is prohibited from spying on Americans but was instrumental in transforming the NYPD’s intelligence unit after the September 2001 terror attacks.
The NYPD denied that it trolls ethnic neighborhoods and said it only follows leads. […]
The disclosures about the NYPD’s activities provoked exasperation in the city’s Muslim neighborhoods, where government officials have sought to build relationships in Muslim communities and pledged to ensure that Muslims aren’t targeted for discrimination.
The federal government announced last year it would develop a passenger-behaviour observation program to detect terrorists.
Officers of the Canadian Air Transport Security Authority would be on the lookout for suspicious actions at air terminals, such as a traveller wearing a heavy coat on a hot day, or sweating profusely.
Privacy Commissioner Jennifer Stoddart says she’s not convinced the techniques will actually help screening officers zero in on genuine threats.
“There is a huge possibility for arbitrary judgments to come into play,” Stoddart said in an interview with The Canadian Press. […]
Stoddart’s office has been closely monitoring a six-month pilot project carried out by the air-security authority at the Vancouver airport to test the passenger observation concept. […]
In May last year, just months after Canada embarked on the project, the U.S. Government Accountability Office questioned the very basis of a behaviour screening program run by the American Transportation Security Administration since 2003.
It noted the U.S. National Research Council’s view that there is no scientific consensus on whether behaviour detection principles can be reliably used for counter-terrorism purposes.
New York Times: Your Voice Mail May Be Even Less Secure Than You Thought
For all of the palace intrigue recently about who in Rupert Murdochâ€™s News Corporation kingdom knew what about phone hacking when, one fundamental question about the scandal has gone mostly unanswered:
Just how vulnerable are everyday United States residents to similarly determined snoops? The answer is, more than you might think.
AT&T, Sprint and T-Mobile do not require cellphone customers to use a password on their voice mail boxes, and plenty of people never bother to set one up. But if you donâ€™t, people using a service colloquially known as caller ID spoofing could disguise their phone as yours and get access to your messages. This is possible because voice mail systems often grant access to callers who appear to be phoning from their own number.
Meanwhile, as Edgar Dworsky, a consumer advocate who founded ConsumerWorld.org, discovered recently, someone armed with just a bit of personal information about a target can also gain access to the automated phone systems for Bank of America and Chase credit card holders.
GovInfoSecurity: Facial Biometrics Pose Privacy Woes
Facial recognition technology could prove to be an effective way to authenticate individuals seeking entry to secured buildings or databases storing sensitive information. But the biometric technology already is being abused, and IT security managers employing facial recognition should be careful to encrypt the biometric data, cautions a privacy rights leader.
“If they back up those applications with good, solid privacy policies and practices, they’ll be in good shape,” Beth Givens, founder and director of the Privacy Rights Clearinghouse, says in an interview with Information Security Media Group […]
Givens says the danger of privacy loss is a major problem with facial recognition technology. She cites a Carnegie Mellon University study in which using only a photo of a person’s face and information publicly available online, researcher identified the person’s birth date, personal interests and Social Security number. […]
In the interview, Givens explains that use of facial recognition technology could:
- Violate privacy rights by not getting an individual’s consent.
- Result in unequal treatment of consumers by businesses.
- Encourage stalking and violence.