This broadcast was recorded in one, 60-minute segment.
Introduction: In this program, we resume discussion and analysis of the consummately important recent book Surveillance Valley: The Secret Military History of the Internet by Yasha Levine. In the previous program, we noted, among other points of analysis, the decisive role of Eddie “The Friendly Spook” Snowden in promoting the intelligence-agency crafted Tor network.
In addition to Tor, the Open Technology Fund (read “CIA”) helped finance the Signal app for mobile phones. It, too, is fundamentally compromised. “ . . . . The Tor project remained the best-known privacy app funded by the Open Technology Fund, but it was quickly joined by another: Signal, an encrypted mobile phone messaging app for the iPhone and Android. . . .”
Not surprisingly, the CIA’s Eddie “The Friendly Spook” Snowden was a big promoter of Signal, as well as Tor: ” . . . . People at the ACLU claimed that Signal made federal agents weep. The Electronic Frontier Foundation added Signal alongside Tor to its Surveillance Self-Defense guide. Fight for the Future, a Silicon Valley-funded privacy activist organization, described Signal and Tor as ‘NSA-proof’ and urged people to use them. Edward Snowden was the combo’s biggest and most famous booster and repeatedly took to Twitter to tell his three million followers that he used Signal and Tor every day, and that they should do the same to protect themselves from government surveillance. ‘Use Tor, Use Signal,’ he tweeted out.
“With endorsements like these, Signal quickly became the go-to app for political activists around the world. Egypt, Russia, Syria, and even the United States—millions downloaded Signal, and it became the communication app of choice for those who hoped to avoid police surveillance. Feminist collectives, anti-President Donald Trump protesters, communists, anarchists, radical animal rights organizations, Black Lives Matter activists—all flocked to Signal. Many were heeding Snowden’s advice: ‘Organize. Compartmentalize to limit compromise. Encrypt everything, from calls to texts (use Signal as a first step.)’ . . . .”
Yasha Levine sums up the fundamental contradictions inherent in this dynamic: ” . . . . If you stepped back to survey the scene, the entire landscape of this new Internet Freedom privacy movement looked absurd. Cold War-era organizations spun off from the CIA now funding the global movement against government surveillance? Google and Facebook, companies that ran private surveillance networks and worked hand in hand with the NSA, deploying government-funded privacy tech to protect their users from government surveillance? Privacy activists working with Silicon Valley and the US government to fight government surveillance—and with the support of Edward Snowden himself? . . . .”
Following Snowden’s promotion of OTF’s Tor and Signal technologies, OTF was at a zenith: ” . . . . After Edward Snowden, OTF was triumphant. It didn’t mention the leaker by name in its promotional materials, but it profited from the crypto culture he promoted and benefited from his direct endorsement of the crypto tools it financed. It boasted that its partnership with both Silicon Valley and respected privacy activists meant that hundreds of millions of people could use the privacy tools the US government had brought to market. And OTF promised that this was just a start: ‘By leveraging social network effects, we expect to expand to a billion regular users taking advantage of OTF-supported tools and Internet Freedom technologies by 2015. . . .’
As eventually became clear, the Tor network was easily breached. It is a safe bet that the fascists grouped around the Pirate Bay site (on which WikiLeaks held forth), had breached Tor’s “secrecy,” in addition to the obvious fact that intelligence services could penetrate it at will.
With this in mind, John Young’s ruminations about WikiLeaks sound more and more substantive.
In all probability, WikiLeaks was a huge data mining operation both by the very intelligence agencies who were ostensibly targeted by WikiLeaks, and the Fascist International network around Carl Lundstrom, Daniel Friberg, David Duke et al.
In FTR #’s 756 and 831 we noted Snowden’s fascist views and connections. Levine merely characterizes him as a “right-wing libertarian,” but there is MUCH MORE TO IT THAN THAT!
Snowden downplayed the fundamental role of the Big Tech firms in aiding and abetting government surveillance, in addition to their own massive surveillance and resultant data mining. ” . . . . There, while living under state protection at an undisclosed location in Moscow, he swept Silicon Valley’s role in Internet surveillance under the rug. Asked about it by Washington Post reporter Barton Gellman, who had first reported on the NSA’s PRISM program, Snowden shrugged off the danger posed by companies like Google and Facebook. The reason? Because private companies do not have the power to arrest, jail, or kill people. ‘Twitter doesn’t put warheads on foreheads,’ he joked. . . .”
Embodying his “corporatist” and Technocratic Fascist point of view, Snowden championed the Big Tech firms as bulwarks against government Internet surveillance, despite the only-too-obvious fact (reinforced by the documents he leaked) that Big Tech is–and always has been–in bed with, and actively collaborating with, the very government intelligence agencies conducting that surveillance: ” . . . . The only islands of safety were the private data centers controlled by private companies—Google, Apple, Facebook. These were the cyber-fortresses and walled cities that offered sanctuary to the masses. In this chaotic landscape, computer engineers and cryptographers played the role of selfless galloping knights and wizard-warriors whose job was to protect the weak folk of the Internet: the young, the old and infirm, families. It was their duty to ride out, weapons aloft, and convey people and their precious data safely from fortress to fortress, not letting any of the information fall into the hands of government spies. He called on them to start a people’s privacy war, rallying them to go forth and liberate the Internet, to reclaim it from the governments of the world. . . .”
The nauseating head of Facebook–Mark Zuckerberg–has decried the intelligence community’s use of the Internet for data mining. In FTR #1077, we highlighted the Cambridge Analytica affair, and Facebook’s full cooperation with that project at every turn.
Other Big Tech firms had similar reactions. “. . . . . ‘We hadn’t even heard of PRISM before yesterday,’ Mark Zuckerberg wrote in a Facebook post. He blamed the government and positioned Facebook as a victim. ‘I’ve called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform.’ Apple, Microsoft, Google, and Yahoo! all reacted in much the same way, denying the allegations and painting themselves as the victims of government overreach. ‘It’s tremendously disappointing that the government sort of secretly did all this stuff and didn’t tell us. We can’t have a democracy if we’re having to protect you and our users from the government,’ Larry Page told Charlie Rose in an interview on CBS. . . . .”
We present the conclusion of the main part of the book, with Levine’s summation of the inextricable nature and symbiosis between the Internet, the tech firms and the so-called “privacy community.”
The key points of discussion and analysis of Levine’s book (as a whole) include:
- The Internet is a weapon, developed for counter-insurgency purposes.
- Big Tech firms network with the very intelligence services they publicly decry.
- Big Tech firms that data mine their customers on a nearly unimaginable scale do so as a direct, operational extension of the very surveillance function upon which the Internet is predicated.
- The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum were developed by the very intelligence services they are supposed to deflect.
- The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum–such as the Tor Internet function and the Signal mobile phone app–are readily accessible to the very intelligence services they are supposed to deflect.
- The organizations that promote the alleged virtues of Snowden, Appelbaum, Tor, Signal et al are linked to the very intelligence services they would have us believe they oppose.
- Big Tech firms embrace “Internet Freedom” as a distraction from their own willful and all-embracing data mining and their ongoing conscious collaboration with the very intelligence services they publicly decry.
NB: Mr. Levine does not go into the fascistic character of Snowden, Assange, Greenwald et al. Some of those shows: Greenwald–FTR #888, Snowden–FTR #’s 756, 831, Assange and WikiLeaks–FTR #’s 732, 745, 755, 917.
“. . . . Then there was the fact that Signal ran on Amazon’s servers, which meant that all its data were available to a partner in the NSA’s PRISM surveillance program. Equally problematic, Signal needed Apple and Google to install and run the app on people’s mobile phones. Both companies were, and as far as we know still are, partners in PRISM as well. ‘Google usually has root access to the phone, there’s the issue of integrity,’ writes Sander Venema, a respected developer and secure-technology trainer, in a blog post explaining why he no longer recommends people use Signal for encrypted chat. ‘Google is still cooperating with the NSA and other intelligence agencies. PRISM is also still a thing. I’m pretty sure that Google could serve a specially modified update or version of Signal to specific target for surveillance, and they would be none the wiser that they installed malware on their phones.’ . . .
. . . . So, although the app encrypted the content of people’s messages, it also marked them with a flashing red sign: ‘Follow Me, I Have Something to Hide.’ (Indeed, activists protesting at the Democratic National Convention in Philadelphia in 2016 told me that they were bewildered by the fact that police seemed to know and anticipate their every move despite their having used Signal to organize. . . .”
“ . . . . For many Internet companies, including Google and Facebook, surveillance is the business model. It is the base on which their corporate and economic power rests. Disentangle surveillance and profit, and these companies would collapse. Limit data collection, and the companies would see investors flee and their stock prices plummet. [Italics are mine–D.E.]
“Silicon Valley fears a political solution to privacy. Internet Freedom and crypto offer an acceptable alternative. Tools like Signal and Tor provide a false solution to the privacy problem, focusing people’s attention on government surveillance and distracting them from the private spying carried out by the Internet companies they use every day. All the while, crypto tools give people a [false] sense that they’re doing something to protect themselves, a feeling of personal empowerment and control. And all those crypto radicals? Well, they just enhance the illusion, heightening the impression of risk and danger. With Signal or Tor installed, using an iPhone or Android suddenly becomes edgy and radical. So instead of pushing for political and democratic solutions to surveillance, we outsource our privacy politics to crypto apps–software made by the very same powerful entities that these apps are supposed to protect us from. . . .”
1. The Arab Spring provided motivation for enhanced U.S. funding for Internet Freedom. The Open Technology Fund, like the BBG a CIA “derivative,” was at the center of this: ” . . . . The motivation for this expansion came out of the Arab Spring. The idea was to make sure the US government would maintain its technological advantage in the censorship arms race that began in the early 2000s, but the funds were also going into developing a new generation of tools aimed at leveraging the power of the Internet to help foreign opposition activists organize into cohesive political movements. The BBG’s $25.5 million cut of the cash more than doubled the agency’s anticensorship technology budget from the previous year, and the BBG funneled the money into the Open Technology Fund, a new organization it had created within Radio Free Asia to fund Internet Freedom technologies in the wake of the Arab Spring. . . .”
The fundamental position of BBG and OTF (read “CIA”) to the so-called online privacy community was concisely expressed by Yasha Levine: ” . . . . From behind this hip and connected exterior, BBG and Radio Free Asia built a vertically integrated incubator for Internet Freedom technologies, pouring millions into projects big and small, including everything from evading censorship to helping political organizing, protests, and movement building. With its deep pockets and its recruitment of big-name privacy activists, the Open Technology Fund didn’t just thrust itself into the privacy movement. In many ways, it WAS the privacy movement. . . .”
. . . . In early January 2014, six months after Snowden’s leaks, Congress passed the Consolidated Appropriations Act, an omnibus federal spending bill. Tucked into the bill’s roughly fifteen hundred pages was a short provision that dedicated $50.5 million to the expansion of the US government’s Internet Freedom arsenal. The funds were to be split evenly between the State Department and the Broadcasting Board of Governors.
Although Congress had been providing funds for various anti-censorship programs for years, this was the first time that it budgeted money specifically for Internet Freedom. The motivation for this expansion came out of the Arab Spring. The idea was to make sure the US government would maintain its technological advantage in the censorship arms race that began in the early 2000s, but the funds were also going into developing a new generation of tools aimed at leveraging the power of the Internet to help foreign opposition activists organize into cohesive political movements.
The BBG’s $25.5 million cut of the cash more than doubled the agency’s anticensorship technology budget from the previous year, and the BBG funneled the money into the Open Technology Fund, a new organization it had created within Radio Free Asia to fund Internet Freedom technologies in the wake of the Arab Spring.
Initially launched by the Central Intelligence Agency in 1951 to target China with anticommunist radio broadcasts, Radio Free Asia had been shuttered and relaunched several times over the course of its history. In 1994, after the fall of the Soviet Union, it reappeared Terminator-like as a private nonprofit corporation wholly controlled and funded by the Broadcasting Board of Governors. . . .
. . . . Now, with the Open Technology Fund (OTF), Radio Free Asia oversaw the funding of America’s Internet Freedom programs. To run OTF’s day-to-day operations, Radio Free Asia hired Dan Meredith, a young techie who worked at Al-Jazeera in Qatar and who had been involved in the State Department’s anticensorship initiatives going back to 2011. With a scruffy beard and messy blond surfer hair, Meredith wasn’t a typical stuffy State Department suit. He was fluent in cypherpunk-hacktivist lingo and was very much a part of the grassroots privacy community he sought to woo. In short, he wasn’t the kind of person you’d expect to run a government project with major foreign policy implications.
With him at the helm, OTF put a lot of effort on branding. Outwardly, it looked like a grassroots privacy activist organization, not a government agency. It produced hip 8‑bit YouTube videos about its mission to use “public funds to support Internet freedom projects” and promote “human rights and open societies.” Its web layout constantly changed to reflect the trendiest design standards.
But if OTF appeared scrappy, it was also extremely well connected. The organization was supported by a star-studded team—from best-selling science fiction authors to Silicon Valley executives and celebrated cryptography experts. Its advisory board included big names from the Columbia Journalism School, the Electronic Frontier Foundation, the Ford Foundation, Open Society Foundations, Google, Slack, and Mozilla. Andrew McLaughlin, the former head of Google’s public relations team who had brought in Al Gore to talk a California state senator into canceling legislation that would regulate Gmail’s email scanning program, was part of the OTF team. So was Cory Doctorow, a best-selling young adult science fiction author, whose books about a totalitarian government’s surveillance were read and admired by Laura Poitras, Jacob Appelbaum, Roger Dingledine, and Edward Snowden. Doctorow was a huge personality in the crypto movement who could fill giant conference halls at privacy conferences. He publicly endorsed OTF’s Internet Freedom mission. “I’m proud to be a volunteer OTF advisor,” he tweeted.
From behind this hip and connected exterior, BBG and Radio Free Asia built a vertically integrated incubator for Internet Freedom technologies, pouring millions into projects big and small, including everything from evading censorship to helping political organizing, protests, and movement building. With its deep pockets and its recruitment of big-name privacy activists, the Open Technology Fund didn’t just thrust itself into the privacy movement. In many ways, it was the privacy movement. . . .
2. In addition to Tor, the Open Technology Fund (read “CIA”) helped finance the Signal app for mobile phones. It, too, is fundamentally compromised. “ . . . . The Tor project remained the best-known privacy app funded by the Open Technology Fund, but it was quickly joined by another: Signal, an encrypted mobile phone messaging app for the iPhone and Android. . . .”
Not surprisingly, the CIA’s Eddie “The Friendly Spook” Snowden was a big promoter of Signal: ” . . . . People at the ACLU claimed that Signal made federal agents weep. The Electronic Frontier Foundation added Signal alongside Tor to its Surveillance Self-Defense guide. Fight for the Future, a Silicon Valley-funded privacy activist organization, described Signal and Tor as ‘NSA-proof’ and urged people to use them. Edward Snowden was the combo’s biggest and most famous booster and repeatedly took to Twitter to tell his three million followers that he used Signal and Tor every day, and that they should do the same to protect themselves from government surveillance. ‘Use Tor, Use Signal,’ he tweeted out.
“With endorsements like these, Signal quickly became the go-to app for political activists around the world. Egypt, Russia, Syria, and even the United States—millions downloaded Signal, and it became the communication app of choice for those who hoped to avoid police surveillance. Feminist collectives, anti-President Donald Trump protesters, communists, anarchists, radical animal rights organizations, Black Lives Matter activists—all flocked to Signal. Many were heeding Snowden’s advice: ‘Organize. Compartmentalize to limit compromise. Encrypt everything, from calls to texts (use Signal as a first step.)’ . . . .”
Yasha Levine sums up the fundamental contradictions inherent in this dynamic: ” . . . . If you stepped back to survey the scene, the entire landscape of this new Internet Freedom privacy movement looked absurd. Cold War-era organizations spun off from the CIA now funding the global movement against government surveillance? Google and Facebook, companies that ran private surveillance networks and worked hand in hand with the NSA, deploying government-funded privacy tech to protect their users from government surveillance? Privacy activists working with Silicon Valley and the US government to fight government surveillance—and with the support of Edward Snowden himself? . . . .”
Following Snowden’s promotion of OTF’s Tor and Signal technologies, OTF was at a zenith: ” . . . . After Edward Snowden, OTF was triumphant. It didn’t mention the leaker by name in its promotional materials, but it profited from the crypto culture he promoted and benefited from his direct endorsement of the crypto tools it financed. It boasted that its partnership with both Silicon Valley and respected privacy activists meant that hundreds of millions of people could use the privacy tools the US government had brought to market. And OTF promised that this was just a start: ‘By leveraging social network effects, we expect to expand to a billion regular users taking advantage of OTF-supported tools and Internet Freedom technologies by 2015. . . .’
. . . . The Tor project remained the best-known privacy app funded by the Open Technology Fund, but it was quickly joined by another: Signal, an encrypted mobile phone messaging app for the iPhone and Android.
Signal was developed by Open Whisper Systems, a for-profit corporation run by Moxie Marlinspike, a tall lanky cryptographer with a head full of dreadlocks. Marlinspike was an old friend of Jacob Appelbaum, and he played a similar radical game. He remained cryptic about his real name and identity, told stories of being targeted by the FBI, and spent his free time sailing and surfing in Hawaii. He had made a good chunk of money selling his encryption start-up and had worked with the State Department on Internet Freedom projects since 2011, but he posed as a feisty anarchist fighting the system. His personal website was called thoughtcrime.org—a reference to George Orwell’s 1984, which seemed a bit tongue-in-cheek given that he was taking big money—nearly $3 million—from Big Brother to develop his privacy app.
Signal was a huge success. Journalists, privacy activists, and cryptographers hailed Signal as an indispensable Internet privacy tool. It was a complement to Tor in the age of mobile phones. While Tor anonymized browsing, Signal encrypted voice calls and text, making it impossible for governments to monitor communication. Laura Poitras gave it two secure thumbs up as a powerful people’s encryption tool and told everyone to use it every day. People at the ACLU claimed that Signal made federal agents weep. The Electronic Frontier Foundation added Signal alongside Tor to its Surveillance Self-Defense guide. Fight for the Future, a Silicon Valley-funded privacy activist organization, described Signal and Tor as “NSA-proof” and urged people to use them.
Edward Snowden was the combo’s biggest and most famous booster and repeatedly took to Twitter to tell his three million followers that he used Signal and Tor every day, and that they should do the same to protect themselves from government surveillance. “Use Tor, Use Signal,” he tweeted out.
With endorsements like these, Signal quickly became the go-to app for political activists around the world. Egypt, Russia, Syria, and even the United States—millions downloaded Signal, and it became the communication app of choice for those who hoped to avoid police surveillance. Feminist collectives, anti-President Donald Trump protesters, communists, anarchists, radical animal rights organizations, Black Lives Matter activists—all flocked to Signal. Many were heeding Snowden’s advice: “Organize. Compartmentalize to limit compromise. Encrypt everything, from calls to texts (use Signal as a first step.)”
Silicon Valley cashed in on OTF’s internet Freedom spending as well. Facebook incorporated Signal’s underlying encryption protocol into WhatsApp, the most popular messaging app in the world. Google followed suit, building Signal’s Encryption into its Allo and Duo text and video messaging apps. It was a smart move because the praise flowed in. “Allo and Duo’s new security features, in other words, are Google’s baby steps towards a fully-encrypted future, into the sort of bold moves to elevate privacy above profit or politics that some of its competitors have already taken,” wrote Wired’s Andy Greenberg. “But for a company to build on a data collection model that’s often fundamentally opposed to privacy, baby steps are better than none at all.”
If you stepped back to survey the scene, the entire landscape of this new Internet Freedom privacy movement looked absurd. Cold War-era organizations spun off from the CIA now funding the global movement against government surveillance? Google and Facebook, companies that ran private surveillance networks and worked hand in hand with the NSA, deploying government-funded privacy tech to protect their users from government surveillance? Privacy activists working with Silicon Valley and the US government to fight government surveillance—and with the support of Edward Snowden himself? . . . .
. . . . In any event, with support from someone as celebrated as Edward Snowden, few had any reason to question why apps like Signal and Tor existed, or what larger purpose they served. It was easier and simpler to put your trust in app, and to believe in the idea that America still had a healthy civil society, where people could come together to fund tools that countervailed the surveillance power of the state. That suited the sponsors of Internet Freedom just fine.
After Edward Snowden, OTF was triumphant. It didn’t mention the leaker by name in its promotional materials, but it profited from the crypto culture he promoted and benefited from his direct endorsement of the crypto tools it financed. It boasted that its partnership with both Silicon Valley and respected privacy activists meant that hundreds of millions of people could use the privacy tools the US government had brought to market. And OTF promised that this was just a start: “By leveraging social network effects, we expect to expand to a billion regular users taking advantage of OTF-supported tools and Internet Freedom technologies by 2015. . . .”
3. As eventually became clear, the Tor network was easily breached. It is a safe bet that the fascists grouped around the Pirate Bay site (on which WikiLeaks held forth), had breached Tor’s “secrecy,” in addition to the obvious fact that intelligence services could penetrate it at will.
With this in mind, John Young’s ruminations about WikiLeaks sound more and more substantive.
In all probability, WikiLeaks was a huge data mining operation both by the very intelligence agencies who were ostensibly targeted by WikiLeaks, and the Fascist International network around Carl Lundstrom, Daniel Friberg, David Duke et al.
. . . . Working under a Pentagon contract, researchers [at Carnegie Mellon University in Pennsylvania] had figured out a cheap and easy way to crack Tor’s super-secure network with just $3,000.00 worth of equipment. . . .
. . . . He [Dingledine] accused Carnegie Mellon researchers of violating academic standards for ethical research by working with law enforcement. He then announced that the Tor Project would publish guidelines for people who might want to hack or crack Tor for “academic” and “independent research” purposes in the future but do so in an ethical manner by first obtaining consent of the people who were being hacked. . . .
. . . . If it was so frail that it needed academic researchers to abide by an ethical honor code to avoid deanonymizing users without their consent, how could it hold up to the FBI or NSA or the scores of foreign intelligence agencies from Russia to China to Australia that might want to punch through its anonymity systems?
In 2015, when I first read these statements from the Tor Project, I was shocked. This was nothing less than a veiled admission that Tor was useless at guaranteeing anonymity and that it required attackers to behave “ethically” in order for it to remain secure. . . .
4. In FTR #’s 756 and 831 we noted Snowden’s fascist views and connections. Levine merely characterizes him as a “right-wing libertarian,” but there is MUCH MORE TO IT THAN THAT!
. . . . There he came out as a right-wing libertarian: he hated the New Deal, wanted to shrink the government to the size of a peanut, and believed the state had no right to control the money supply. He preferred the gold standard. He mocked old people for needing old-age pensions. “Somehow, our society managed to make it hundreds of years without social security just fine,” he wrote on the forum. “Magically the world changed after the new deal, and old people became made of glass.” He called people who defended America’s Social Security system “fucking retards.” . . . .
5. Snowden downplayed the fundamental role of the Big Tech firms in aiding and abetting government surveillance, in addition to their own massive surveillance and resultant data mining. ” . . . . There, while living under state protection at an undisclosed location in Moscow, he swept Silicon Valley’s role in Internet surveillance under the rug. Asked about it by Washington Post reporter Barton Gellman, who had first reported on the NSA’s PRISM program, Snowden shrugged off the danger posed by companies like Google and Facebook. The reason? Because private companies do not have the power to arrest, jail, or kill people. ‘Twitter doesn’t put warheads on foreheads,’ he joked. . . .”
. . . . There, while living under state protection at an undisclosed location in Moscow, he swept Silicon Valley’s role in Internet surveillance under the rug. Asked about it by Washington Post reporter Barton Gellman, who had first reported on the NSA’s PRISM program, Snowden shrugged off the danger posed by companies like Google and Facebook. The reason? Because private companies do not have the power to arrest, jail, or kill people. “Twitter doesn’t put warheads on foreheads,” he joked. . . .
. . . . Snowden’s views on private surveillance were simplistic, but they seemed to be in line with his politics. He was a libertarian and believed the utopian promise of computer networks. He believed that the Internet was an inherently liberating technology that, if left alone, would evolve into a force of good in the world. The problem wasn’t Silicon Valley; it was government power. To him, cynical intelligence agencies like the NSA had warped the utopian promise of the Internet, turning it into a dystopia where spies tracked our every move and recorded everything we said. He believed the government was the central problem and distrusted legislative or political solutions to curb surveillance, which would only involve the government even more. As it so happened, his line of thinking tracked perfectly with the antigovernment privacy initiatives that Internet companies like Google and Facebook had started pushing to deflect attention from their private surveillance practices. . . .
6. Embodying his “corporatist” and Technocratic Fascist point of view, Snowden championed the Big Tech firms as bulwarks against government Internet surveillance, despite the only-too-obvious fact (reinforced by the documents he leaked) that Big Tech is–and always has been–in bed with, and actively collaborating with, the very government intelligence agencies conducting that surveillance: ” . . . . The only islands of safety were the private data centers controlled by private companies—Google, Apple, Facebook. These were the cyber-fortresses and walled cities that offered sanctuary to the masses. In this chaotic landscape, computer engineers and cryptographers played the role of selfless galloping knights and wizard-warriors whose job was to protect the weak folk of the Internet: the young, the old and infirm, families. It was their duty to ride out, weapons aloft, and convey people and their precious data safely from fortress to fortress, not letting any of the information fall into the hands of government spies. He called on them to start a people’s privacy war, rallying them to go forth and liberate the Internet, to reclaim it from the governments of the world. . . .”
. . . . Snowden portrayed the Internet as a scary and violent place, a cyber-medieval landscape filled with roaming government bandits, hostile armies, and booby traps. It was a place where regular people were always at risk. The only islands of safety were the private data centers controlled by private companies—Google, Apple, Facebook. These were the cyber-fortresses and walled cities that offered sanctuary to the masses. In this chaotic landscape, computer engineers and cryptographers played the role of selfless galloping knights and wizard-warriors whose job was to protect the weak folk of the Internet: the young, the old and infirm, families. It was their duty to ride out, weapons aloft, and convey people and their precious data safely from fortress to fortress, not letting any of the information fall into the hands of government spies. He called on them to start a people’s privacy war, rallying them to go forth and liberate the Internet, to reclaim it from the governments of the world. . . .
. . . . Snowden’s disregard for political solutions and his total trust in the ability of technology to solve complex social problems wasn’t surprising. He was simply reaffirming what he had told journalists back in 2013: “Let us speak no more of faith in man, but bind him down from mischief by chains of cryptography.” . . .
7. The nauseating head of Facebook–Mark Zuckerberg–has decried the intelligence community’s use of the Internet for data mining. In FTR #1077, we highlighted the Cambridge Analytica affair, and Facebook’s full cooperation with that project at every turn.
Other Big Tech firms had similar reactions. “. . . . . ‘We hadn’t even heard of PRISM before yesterday,’ Mark Zuckerberg wrote in a Facebook post. He blamed the government and positioned Facebook as a victim. ‘I’ve called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform.’ Apple, Microsoft, Google, and Yahoo! all reacted in much the same way, denying the allegations and painting themselves as the victims of government overreach. ‘It’s tremendously disappointing that the government sort of secretly did all this stuff and didn’t tell us. We can’t have a democracy if we’re having to protect you and our users from the government,’ Larry Page told Charlie Rose in an interview on CBS. . . . .”
. . . . You didn’t have to be a tech expert to see that the government surveillance on the Internet simply could not exist without the private infrastructure and consumer services provided by Silicon Valley. Companies like Google, Facebook, Yahoo!, eBay and Apple did all the heavy lifting: they built the platforms that drew in billions of users and collected a boggling amount of data about them. All that the NSA had to do to get at the data was connect a few wires, which the agency did with full cooperation and total discretion from the companies themselves. . . . .
. . . . . “We hadn’t even heard of PRISM before yesterday,” Mark Zuckerberg wrote in a Facebook post. He blamed the government and positioned Facebook as a victim. “I’ve called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform.” Apple, Microsoft, Google, and Yahoo! all reacted in much the same way, denying the allegations and painting themselves as the victims of government overreach. “It’s tremendously disappointing that the government sort of secretly did all this stuff and didn’t tell us. We can’t have a democracy if we’re having to protect you and our users from the government,” Larry Page told Charlie Rose in an interview on CBS. . . . .
8. We present the conclusion of the main part of the book, with Levine’s summation of the inextricable nature and symbiosis between the Internet, the tech firms and the so-called “privacy community.”
The key points of discussion and analysis of Levine’s book (as a whole) include:
- The Internet is a weapon, developed for counter-insurgency purposes.
- Big Tech firms network with the very intelligence services they publicly decry.
- Big Tech firms that data mine their customers on a nearly unimaginable scale do so as a direct, operational extension of the very surveillance function upon which the Internet is predicated.
- The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum were developed by the very intelligence services they are supposed to deflect.
- The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum–such as the Tor Internet function and the Signal mobile phone app–are readily accessible to the very intelligence services they are supposed to deflect.
- The organizations that promote the alleged virtues of Snowden, Appelbaum, Tor, Signal et al are linked to the very intelligence services they would have us believe they oppose.
- Big Tech firms embrace “Internet Freedom” as a distraction from their own willful and all-embracing data mining and their ongoing conscious collaboration with the very intelligence services they publicly decry.
NB: Mr. Levine does not go into the fascistic character of Snowden, Assange, Greenwald et al. Some of those shows: Greenwald–FTR #888, Snowden–FTR #‘s 756, 831, Assange and WikiLeaks–FTR #‘s 732, 745, 755, 917.
. . . . Then there was the fact that Signal ran on Amazon’s servers, which meant that all its data were available to a partner in the NSA’s PRISM surveillance program. Equally problematic, Signal needed Apple and Google to install and run the app on people’s mobile phones. Both companies were, and as far as we know still are, partners in PRISM as well. “Google usually has root access to the phone, there’s the issue of integrity,” writes Sander Venema, a respected developer and secure-technology trainer, in a blog post explaining why he no longer recommends people use Signal for encrypted chat. “Google is still cooperating with the NSA and other intelligence agencies. PRISM is also still a thing. I’m pretty sure that Google could serve a specially modified update or version of Signal to a specific target for surveillance, and they would be none the wiser that they installed malware on their phones.”
Equally weird was the way the app was designed to make it easy for anyone monitoring Internet traffic to flag people using Signal to communicate. All that the FBI or, say, Egyptian or Russian security services had to do was watch for the mobile phones that pinged a particular Amazon server used by Signal, and it was trivial to isolate activists from the general smartphone population. So, although the app encrypted the content of people’s messages, it also marked them with a flashing red sign: “Follow Me, I Have Something to Hide.” (Indeed, activists protesting at the Democratic National Convention in Philadelphia in 2016 told me that they were bewildered by the fact that police seemed to know and anticipate their every move despite their having used Signal to organize.)
Debate about Signal’s technical design was moot anyway. Snowden’s leaks showed that the NSA had developed tools that could grab everything people did on their smartphones, which presumably included text and received by Signal. In early March, 2017, WikiLeaks published a cache of CIA hacking tools that confirmed the inevitable. The agency worked with the NSA as well as other “cyber arms contractors” to develop hacking tools that targeted smartphones, allowing it to bypass the encryption of Signal and any other encrypted chat apps, including Facebook’s WhatsApp. “The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone,” explained a WikiLeaks press release. “These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
Disclosure of these hacking tools showed that, in the end, Signal’s encryption didn’t really matter, not when the CIA and NSA owned the underlying operating system and could grab whatever they wanted before encryption or obfuscation algorithms were applied. The flaw went beyond Signal and applied to every type of encryption technology on every type of consumer computer system. . . .
. . . . Convoluted as the story may be, US government support for Internet Freedom and its underwriting of crypto culture makes perfect sense. The Internet came out of a 1960s military project to develop an information weapon. It was born out of a need to quickly communicate, process data, and control a chaotic world. Today, the network is more than a weapon; it is also a field of battle, a place where vital military and intelligence operations take place. Geopolitical struggle has moved online, and Internet Freedom is a weapon in that fight.
If you take a big-picture view, Silicon Valley’s support for Internet Freedom makes sense as well. Companies like Google and Facebook first supported it as a part of a geopolitical business strategy, a way of subtly pressuring countries that closed their networks and markets to Western technology companies. But after Edward Snowden’s revelations exposed the industry’s rampant private surveillance practices to the public, Internet Freedom offered another powerful benefit.
For years, public opinion has been stacked firmly against Silicon Valley’s underlying business model. In poll after poll, a majority of Americans have voiced their opposition to corporate surveillance and have signaled support for increased regulation of the industry. This has always been a deal breaker for Silicon Valley. For many Internet companies, including Google and Facebook, surveillance is the business model. It is the base on which their corporate and economic power rests. Disentangle surveillance and profit, and these companies would collapse. Limit data collection, and the companies would see investors flee and their stock prices plummet. [Italics are mine–D.E.]
Silicon Valley fears a political solution to privacy. Internet Freedom and crypto offer an acceptable alternative. Tools like Signal and Tor provide a false solution to the privacy problem, focusing people’s attention on government surveillance and distracting them from the private spying carried out by the Internet companies they use every day. All the while, crypto tools give people a [false] sense that they’re doing something to protect themselves, a feeling of personal empowerment and control. And all those crypto radicals? Well, they just enhance the illusion, heightening the impression of risk and danger. With Signal or Tor installed, using an iPhone or Android suddenly becomes edgy and radical. So instead of pushing for political and democratic solutions to surveillance, we outsource our privacy politics to crypto apps–software made by the very same powerful entities that these apps are supposed to protect us from.
In that sense, Edward Snowden is like the branded face of an Internet consumerism-as-rebellion lifestyle campaign, like the old Apple ad about shattering Big Brother or the Nike spot set to the Beatles’ “Revolution.” While Internet billionaires like Larry Page, Sergey Brin, and Mark Zuckerberg slam government surveillance, talk up freedom, and embrace Snowden and crypto privacy culture, their companies still cut deals with the Pentagon, work with the NSA and CIA, [and companies like Cambridge Analytica–D.E.] and continue to track and profile people for profit. It is the same old split-screen marketing trick: the public branding and the behind-the-scenes reality.
Internet Freedom is a win-win for everyone involved–everyone except regular users, who trust their privacy to double-dealing military contractors, while powerful Surveillance Valley corporations continue to build out the old military cybernetic dream of a world where everyone is watched, predicted, and controlled. . . .
This next article is based on a former Apple subcontractor who exposed the privacy abuses that are going on with smartphones. He announced this in a letter sent to European data protection regulators. He revealed that people who use Siri would have it activated without their permission or knowledge. It was used to record conversations and all background information with whoever was present. This was done without the user having activated Siri or authorized this to be done. The information was transcribed. The laws on the books in the EU are not being enforced. He mentioned that he listened to hundreds of conversations per day and this was done by his colleagues.
He also said that the competition’s activities were worse because Apple did not link the information to a specific account, while their competition did.
Apple whistleblower goes public over ‘lack of action’
Thomas le Bonniec says firm violating rights and continues massive collection of data
Alex Hern
@alexhern
The Guardian, U.K.
Wed 20 May 2020 00.00 EDT
Last modified on Wed 20 May 2020 00.03 EDT
A former Apple contractor who helped blow the whistle on the company’s programme to listen to users’ Siri recordings has decided to go public, in protest at the lack of action taken as a result of the disclosures.
In a letter announcing his decision, sent to all European data protection regulators, Thomas le Bonniec said: “It is worrying that Apple (and undoubtedly not just Apple) keeps ignoring and violating fundamental rights and continues their massive collection of data.
“I am extremely concerned that big tech companies are basically wiretapping entire populations despite European citizens being told the EU has one of the strongest data protection laws in the world. Passing a law is not good enough: it needs to be enforced upon privacy offenders.”
Le Bonniec, 25, worked as a subcontractor for Apple in its Cork offices, transcribing user requests in English and French, until he quit in the summer of 2019 due to ethical concerns with the work. “They do operate on a moral and legal grey area,” he told the Guardian at the time, “and they have been doing this for years on a massive scale. They should be called out in every possible way.”
Following the revelations of Le Bonniec and his colleagues, Apple promised sweeping changes to its “grading” program, which involved thousands of contractors listening to recordings made, both accidentally and deliberately, using Siri. The company apologised, brought the work in-house, and promised that it would only grade recordings from users who had explicitly opted-in to the practice.
“We realise we have not been fully living up to our high ideals,” the company said in a statement in August. It eventually released a software update in late October that allowed users to opt-in or out of their voice recordings being used to “improve Siri dictation”, and to choose to delete the recordings that Apple had stored. The company also emphasised that, unlike its competition, Siri recordings are never linked to a specific Apple account.
But, Le Bonniec argues, the company never really faced the consequences for its years-long programme in the first place.
“I listened to hundreds of recordings every day, from various Apple devices (eg. iPhones, Apple Watches, or iPads). These recordings were often taken outside of any activation of Siri, eg in the context of an actual intention from the user to activate it for a request. These processings were made without users being aware of it, and were gathered into datasets to correct the transcription of the recording made by the device,” he said.
“The recordings were not limited to the users of Apple devices, but also involved relatives, children, friends, colleagues, and whoever could be recorded by the device. The system recorded everything: names, addresses, messages, searches, arguments, background noises, films, and conversations. I heard people talking about their cancer, referring to dead relatives, religion, sexuality, pornography, politics, school, relationships, or drugs with no intention to activate Siri whatsoever.
“These practices are clearly at odds with the company’s ‘privacy-driven’ policies and should be urgently investigated by data protection authorities and Privacy watchdogs. With the current statement, I want to bring this issue to your attention, and also offer my cooperation to provide any element substantiating these facts. Although this case has already gone public, Apple has not been subject to any kind of investigation to the best of my knowledge.”
https://www.theguardian.com/technology/2020/may/20/apple-whistleblower-goes-public-over-lack-of-action?CMP=Share_iOSApp_Other
A Pentagon-related internet mystery was revealed last week. It was the kind of reveal that answered one mystery but created a much larger mystery in the process. A much larger mystery that includes the mystery of why this whole thing wasn’t more mysterious:
First, here’s an excerpt from an AP article last week that revealed some information about a mystery that erupted on Inauguration Day, January 20: A Florida-based company, Global Resource Systems LLC, announced that it was now managing a previously idle chunk of the internet ‘address space’ (like IP addresses) owned by the US Department of Defense. About 175 million internet addresses in total, which is about 1/25th (~4%) of the size of the current internet and more internet space than China Telecom, AT&T or Comcast. The announcement immediately created the mystery of why exactly this seemingly random company — with no history of government contracts — was chosen for this job. And more generally, the mystery of what it was that the Pentagon wants Global Resource Systems to do with all this address space.
The mystery was solved somewhat last week when the Pentagon provided a brief explanation for what it has in mind for the company. The Pentagon hopes to “assess, evaluate and prevent unauthorized use of DoD IP address space,” according to the statement. It’s a plausible agenda item for the Pentagon since address-space squatting is a real issue.
But the announced explanation of the Pentagon’s intent for this project still doesn’t explain why Global Resource Systems was chosen for this job. It’s not just that Global Resource Systems has no track record for this kind of government work. It turns out the only person publicly associated with the company in the Florida business registry, Raymond Saulino, does have a history of government contracting work and it’s a rather interesting history. The kind of interesting history that gives us some clues about the nature of the actual work Global Resource Systems will be involved with while managing this chunk of the internet address space.
For starters, Saulino’s name showed up in 2018 in Nevada corporate records as a managing member of a cybersecurity/internet surveillance equipment company called Packet Forensics. Packet Forensics had nearly $40 million in publicly disclosed federal contracts over the past decade, including with the FBI and the Pentagon’s Defense Advanced Research Projects Agency (DARPA). So while Global Resource Systems has no history of government contracting, Saulino appears to have quite a bit of experience.
In 2011, Packet Forensics and Saulino were featured in a Wired story because the company was selling an appliance to government agencies and law enforcement that let them spy on people’s web browsing using forged security certificates. So Saulino appears to have experience with government contracting involving technology that allows for web browsing spying. That’s the lone person publicly listed in relation to Global Resource Systems, which is rather odd when you think about it. When a longtime colleague at Packet Forensics, Rodney Joffe, was contacted about Saulino, Joffe said he believed Saulino was retired. Joffe is chief technical officer at Neustar Inc., which provides internet intelligence and services for major industries.
It also turns out that Packet Forensics continues to sell “lawful intercept” equipment and currently has a DARPA contract. That contract is described as “harnessing autonomy for countering cyber-adversary systems.” The contract description says the project involves investigating “technologies for conducting safe, nondisruptive, and effective active defense operations in cyberspace,” and that the program would “investigate the feasibility of creating safe and reliable autonomous software agencies that can effectively counter malicious botnet implants and similar large-scale malware.”
You read that correctly: autonomous software agencies that can counter botnets and large-scale malware. That’s what Packet Forensics was contracted to develop for DARPA. It’s a rather intriguing description. After all, what exactly is that? It’s kind of vague. But as we’ll see, it sure sounds like the idea is to literally create antivirus software that will propagate itself.
Now, on the one hand, if you’re dealing with a botnet of malware-infected computers scattered across the internet, antivirus software that can propagate itself across that malware network does make a certain kind of logical sense. It’s just...well, now your antivirus software is acting like a virus. It would have to propagate itself across computers without asking for permission first. That’s a virus. A theoretically benign virus, in this case, although the definition of ‘benign’ is obviously a matter of interpretation.
So the only thing we know about Global Resource Systems is the name of a single guy, Raymond Saulino. Saulino brings us to Packet Forensics, which recently got a DARPA contract to create virus-like autonomous antivirus software. Is this the nature of Global Resource Systems’s work for the Pentagon? Developing and/or deploying autonomous antivirus software? Keep in mind that any unauthorized computers operating in the internet address space managed by Global Resource Systems are technically breaking the rules of the internet. Might that create a legal loophole to allow for the deployment of ‘autonomous software agencies’ on those computers?
But the selection of Global Resource Systems for this project gets odder: the name is identical to a company previously sued for unfair business practices in 2006 over mass email spamming and was shut down over a decade ago. And both the old and current incarnations of Global Resource Systems have the same street address. So if Global Resource Systems was set up to be an innocuous random company that doesn’t draw a lot of attention it was pretty weird to give it the same name and address of a company charged with unfair business practices. But that’s what happened for mysterious reasons:
“The military hopes to “assess, evaluate and prevent unauthorized use of DoD IP address space,” said a statement issued Friday by Brett Goldstein, chief of the Pentagon’s Defense Digital Service, which is running the project. It also hopes to “identify potential vulnerabilities” as part of efforts to defend against cyber-intrusions by global adversaries, who are consistently infiltrating U.S. networks, sometimes operating from unused internet address blocks.”
Is the Pentagon merely hiring Global Resource Systems to “assess, evaluate and prevent unauthorized use of DoD IP address space” and “identify potential vulnerabilities”? Perhaps, but that’s the kind of description that could include a lot of different activity. Activity that could probably include the DARPA contract for Raymond Saulino’s Packet Forensics to “investigate the feasibility of creating safe and reliable autonomous software agencies that can effectively counter malicious botnet implants and similar large-scale malware”:
And then there’s the mystery of why Global Resource Systems was given the name and address of a company charged with unfair business practices. It’s like they were trying to create a kerfuffle. Or just got really lazy:
And that’s why we can only report that this mystery has been partially solved. We now at least have an official explanation from the Pentagon. An official explanation that doesn’t actually explain what it is that Global Resource Systems is going to be working on or why it was hired in the first place. But at least we have enough clues now to get a vague idea of what Global Resource Systems might be working on: autonomous (viral) antiviral software. It’s a fascinating concept and obviously a potential privacy nightmare. After all, once you start going down the path of autonomous antivirus software that can propagate itself from computer to computer, you’re just one step removed from autonomous antivirus software that can preemptively propagate itself from computer to computer without asking. Might that be what Global Resource Systems is actually working on? Well, if so, it’s worth noting that the Snowden documents actually talked about developing exactly that kind of technology:
“...A program known as TURBINE, first revealed last year, is meant to dramatically speed the process: one document says it will “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.””
Large scale implants of malware via automated control implants. That sure sounds like the basis for the creation of “safe and reliable autonomous software agencies that can effectively counter malicious botnet implants and similar large-scale malware.” Is Global Resource Systems developing an offshoot of project TURBINE? It sure sounds plausible based on what we’ve been told (and haven’t been told). There’s clearly an interest in this technology. For example, here’s an announcement from 2018 about DARPA contracts for the Harnessing Autonomy for Countering Cyber-adversary Systems (HACCS) program. What does the HACCS program develop? According to the announcement, the program would seek “the ability to find and eliminate sophisticated cyber security threats in a scalable, timely, safe, and reliable manner, while maintaining privacy and other legal safeguards — even if the owners of botnet-conscripted networks are unaware of the infection and are not participating in neutralization.” In other words, it was a DARPA program on how to develop a legal antiviral virus:
“HACCS seeks the ability to find and eliminate sophisticated cyber security threats in a scalable, timely, safe, and reliable manner, while maintaining privacy and other legal safeguards — even if the owners of botnet-conscripted networks are unaware of the infection and are not participating in neutralization.”
This sure sounds a lot like the Packet Forensics DARPA contract. But with more details. Details like the fact that this autonomous software is intended to be run on the computers of unwitting botnet victims without them being aware any of this is happening. And note the language used to describe how this autonomous antivirus software will be deployed: non-disruptive software exploits for many known vulnerabilities will be used to establish the initial presence on the botnet-infected network (where the software will proceed to catalogue all the devices on the network and what software it’s running). In other words, they’re going to hack into these already-hacked networks. All very innocently and benignly, of course. It’s a reminder that the concept of the autonomous antivirus virus includes the idea that this autonomous software has robust built-in hacking capabilities. Otherwise how is it supposed to propagate itself?
Is this the future of the battle against viruses? Keep in mind that this is all kind of the logical end of the current digital privacy conundrum: having the NSA preemptively infect everyone’s computers with autonomous networks of antivirus viruses locked in a perpetual battle with all the other viruses. A logical end that basically includes the end of whatever semblance of digital privacy that remains. It’s not a great thought but let’s not pretend there are easy answers here.
So we’ll see how well creating autonomous super-hacker software entities that can auto-hack their way across the internet turns out. Autonomous super-hacker software autonomously working for the greater good, so there should probably be nothing to worry about. That’s how these things work, right?
Data privacy nightmares are nothing new. But that doesn’t mean we can’t put new twists on that now endemic reality. Which brings us to the following recent NY Times report on a part of daily life that is increasingly filled with serious privacy risks. Risks that go beyond just the rampant collection and selling of personal data:
As we’ve seen, modern cars — connected to the internet and bristling with cameras, microphones, and other sensors — have become privacy nightmares for consumers over the last decade. The kind of consumer privacy nightmare that has corporations fighting over who ‘owns’ all that data, resulting in fights between data giants like Google and Apple and car manufacturers over who ‘owns’ the data generated by these internet connected cars. Also recall how there’s extra ambiguity about who ‘owns’ the data when it comes to rental cars. Is it the car manufacturer or rental fleet owner who can access that data? Audi was even developing a system of “deep learning” that monitored driver vital signs.
These kinds of risks have been known about for years now. The problem is that nothing has been done about them and now those risks appear to be worse than ever. For starters, cars are easier than ever to remotely operate, including with smartphone apps that allow owners to do things like turn on the lights, turn the engine off and on, or even turn on the heating/cooling or seat warmers. Or track your car’s location. As the following NY Times report describes, these features can be a convenience for most owners, but they can easily turn into a nightmare, especially for people in abusive relationships who co-own their car with their abuser. There is nothing mandating that car manufacturers have systems in place to deal with situations where one of those co-owners needs to have access cut off for another owner, even when law enforcement gets involved. In fact, in one case, a woman who obtained a restraining order against her husband was unsuccessful in her attempts to get her husband’s remote access to the car revoked. The woman took Tesla to court but a judge ultimately dismissed Tesla from the case on the basis that it would be “onerous” to expect car manufacturers to determine which claims of abuse were legitimate.
So what option do victims in this situation have? Selling the vehicle. But even then, as we’re going to see, there’s a new privacy nightmare. It turns out investigations have shown the previous owners of vehicles can often still remotely access their vehicles long after they’ve sold them, and there don’t appear to be any regulations in place to deal with it.
And then there’s the flip side to this risk to selling a used vehicle: that when you sell your car there’s no law mandating that the personal information stored in that car is deleted. That’s all the responsibility of the owner to take care of before the sale...assuming they have any idea this is a potential issue. Beyond that, only one state, Maine, has laws allowing consumers to request personal information be deleted from vehicles possessed by insurance companies while dealing with a claims report.
Finally, as we’re also going to see, modern cars were given the award of worst privacy violators among more than a dozen different categories of products tested by the Mozilla Foundation last year. 19 out of 25 manufacturers admit to openly selling the information to data brokers that they collect on riders. Some even sell information they “infer” about you. Nissan, for example, creates profiles “reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.” And sell that profile data. Nissan even admitted to collecting information that included license numbers, immigration status, race, sexual orientation, sexual activity, and even health diagnoses. Intriguingly, Nissan was one of six manufacturers who said they could collect “genetic information” or “genetic characteristics.” It’s not clear how this information is gathered, but it’s a sign of how extensive the collecting has become by 2024, with almost no consumer awareness of this happening at all.
So whether you are buying or selling a car, watch out. Because that car is watching you. Along with all the people and companies watching that car and everything that happens inside it:
“Modern cars have been called “smartphones with wheels” because they are internet-connected and have myriad methods of data collection, from cameras and seat weight sensors to records of how hard you brake and corner. Most drivers don’t realize how much information their cars are collecting and who has access to it, said Jen Caltrider, a privacy researcher at Mozilla who reviewed the privacy policies of more than 25 car brands and found surprising disclosures, such as Nissan saying it might collect information about “sexual activity.””
Smartphones on wheels. That’s one way of describing modern internet-connected cars. Smartphones on wheels that potentially detect sexual activity, collect that info, and make it available to whoever has access. Including vengeful exes. And as US law enforcement has found, these car manufacturers aren’t exactly responsive when abuses involving these remote access features are reported. In fact, a judge even ruled that it would be too onerous for car manufacturers to respond to cases like this. Car owners are on their own:
But, of course, it’s not just angry exes who pose a risk of malicious remote access. Anyone with remote access to your vehicle might use that power for nefarious reasons, whether that involves harassing/stalking-like behavior or just secretly collecting information about where you are and any other info collected by the car. And that brings us to the following report from back in 2021 about a discovery by a local investigative news team. A discovery that was actually brought to the CBS13 news team by someone who discovered he could still remotely access, via a phone app, his recently sold 2020 Ford Escape months after the sale and trade-in of the car. When the journalists reached out to the car’s new owner, they reported not even realizing such an app had been set up. As the report found, this isn’t a Ford problem. It’s an industry-wide problem, with no standards in place for how to handle the process of keeping data safe when transferring ownership. Instead, it’s basically up to the consumers to be sure to wipe their cars before selling them. And this isn’t just an issue when selling vehicles. Insurance companies in possession of a car while a report is being filed can potentially access all of the info stored on a car too, and there’s no law mandating how this data is treated:
“Mike Hall of Windham says he traded in his 2020 Ford Escape in August, but as of late October, he could still access the FordPass app and control the vehicle remotely.”
With great power comes great responsibility. And as this investigation discovered, not only did the former owner of this car still have remote access to the car months later, but the new owner had no idea this remote access was set up in the first place. How many used cars are being monitored like this today? And this isn’t a Ford issue. It’s an industry issue:
And then there’s the insurance companies, which might also get their hands on a vehicle, temporarily or permanently. Only a single state, Maine, mandates that insurance companies delete personal information gathered from these vehicles if consumers request it. In other words, in every state but Maine insurance companies can kind of do what they want with the data extracted from vehicles in their possession:
And as we’ve seen, these ‘smartphones on wheels’ are also creating all sorts of new revenue streams for car manufacturers and anyone else with access to that data thanks to the fact that it can all be sold to marketers. Which is exactly what is happening, according to a recent Mozilla investigation that found modern cars to be the worst privacy violators among more than a dozen product categories tested. Nineteen car manufacturers admit to selling your data and they appear to have no intention of allowing owners to opt out of this new reality. The only real option is owning an older pre-digital car:
“Cars scored worst for privacy among more than a dozen product categories — including fitness trackers, reproductive-health apps, smart speakers and other connected home appliances — that Mozilla has studied since 2017.”
How bad does a product category’s privacy have to be to be the worst in 2023? Presumably even more awful than people ever suspected. And that’s what Mozilla found: abhorrent privacy standards that basically don’t exist. Instead, it’s a data free-for-all, with 19 out of 25 car manufacturers openly selling your personal data to marketers. Then there’s the service providers like SiriusXM or Google Maps and OnStar who also get to partake in the data collection. It’s rampant collection and selling of personal data and the industry has zero intention of making it less rampant:
And then we get to this incredible disclosure by Nissan, which appears to somehow collect immigration status, race, sexual orientation, sexual activity, and health diagnoses. Nissan can even “infer” characteristics about you like “psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” and sell that info. And Nissan was only one of six different car companies collecting some sort of “genetic information” on riders. Who knows how exactly they were collecting genetic information but six car manufacturers appear to be doing it somehow:
So for anyone considering the purchase of a new car, have you considered a used one instead? Perhaps an older model that isn’t permanently connected to the internet, cameras, and microphones? Because there’s a certain nostalgia to not having your car spy on you for the financial benefit of random strangers or your stalkers. Good times. Simpler times.