Privacy Potpourri: Homeland Security inserts itself into local sex trade, and more

Privacy headlines popped in January like champagne corks on New Year’s Eve. Here are a few highlights, starting in Reno, where nine hapless SOBs were snagged by a law enforcement team including agents of the U.S. Department of Homeland Security, for attempting to purchase unspecified sexual services on the street.

Recall that the mission of Homeland Security was supposed to be preventing actual breaches of homeland security. The DHS website gives only the barest hint of the mission creep that has it preventing transactional sex between Reno street hookers and their prospective customers.

Here’s the department’s “vital mission.”

“…to secure the nation from the many threats we face. This requires the dedication of more than 240,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility inspector. Our duties are wide-ranging, but our goal is clear – keeping America safe.”

The Sparks Crime Suppression Team, apparently finding no crime to suppress in its own city, was on hand to help Reno PD and the feds with the six-hour sting, as were workers from the Washoe County Health Department, who performed mandatory HIV tests. Florence Nightingale must be smiling in heaven.

The first weeks of 2015 also revealed that at least 50 American law enforcement agencies have been secretly using a hand-held radar device to perform surveillance of human activity inside of homes, despite a U.S. Supreme Court ruling requiring a warrant for similar searches that rely on thermal readers to detect heat behind the walls of buildings.

The radar devices were designed for military use, to spot human presence inside buildings by detecting movements as subtle as breathing, reports USA Today.

The 10th Circuit Court of Appeals upheld a search by U.S. Marshals using the device, but noted that it raises “many questions.”

Speaking of invasive technology with ostensibly benign intentions, the National Science Foundation is paying a professor $50,000 to develop a facial recognition app that monitors student attendance at college lectures. The developer teaches at Missouri University of Science and Technology. He uses his smart phone to take a video of students in the lecture hall. His finished product will automatically take attendance by applying a facial recognition algorithm to the video.

The rationale for this NSF investment is that attendance is the best predictor of graduation rates, and that students who don’t graduate are less able to pay off their student loan debt. No word on the controlling classroom policy when an adult student declines to have his image captured on his prof’s phone.

The private sector has a solution, too. The Class120 app costs $199. Installed on the student’s own smartphone, it overlays geolocation data with campus maps, notifying parents if the phone is not in the right classroom at the right time of day. Nothing wrong with that, if the parents and the students agree on it. But here’s the kicker from the Wall Street Journal:

“As online interactions have grown, schools have realized they have a trove of new data to look at, such as how much a student is accessing the syllabus, taking part in online discussions with classmates and reading assigned material. Such technology “shows faculty exactly where students are interacting outside as well inside the classroom…”

Then there’s the insurance company that promised a discount to drivers who allow it to digitally monitor driving habits. Progressive Insurance has distributed two million dongles that port into the OBD (on-board diganostics) console, which is the electronic communication center for the moving components of the car. The dongle monitors brakes, acceleration and other readings, including mileage and time of day, creating a record of the driver’s vehicle usage.

Seems that a skilled hacker can use the the dongle to get into the vehicle’s core systems, according to a Forbes interview with security researcher Corey Thuen, who discovered that he could unlock doors and gather information about his truck’s engine by hooking up his laptop to the dongle. Says Theun:

“It (the dongle) has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols, possibly putting the lives of people inside the vehicle in danger.”

Safety implications aside, the driver information itself is vulnerable. It would be a piece of cake to intercept the dongle’s transmissions to Progressive, and to steal, erase, or alter the data, with potentially serious and possibly irrevocable consequences for the driver.  Happy New Year!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s