Slashdot Mirror
NSA and GCHQ Target "Leaky" Phone Apps To Scoop User Data
schwit1 writes "New leaked NSA documents shed a new light on the agency's assault on the data controls of smartphone apps. Using app data permissions as a jumping off point, the documents show agency staffers building huge quantities of data, including 'intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.' One slide lists capabilities for 'hot mic' recording, high precision geotracking, and file retrieval which would reach any content stored locally on the phone, including text messages, emails and calendar entries. As the slide notes in a parenthetical aside, 'if it's on the phone, we can get it.'"
I always wondered why he did this. To create the GPS industry? I don't think so. Instead I think it was with the full knowledge that in a short time, the NSA could track people using it.
excitingthingstodo.blogspot.com
And a police officer has the technical capacity to walk into my house and shoot me dead. That I can appreciate his likely skill with a service revolver doesn't mean he gets to shoot me dead at a whim.
The same applies to the NSA. That it has some bright brains who have some impressive technical capabilities does not mean that they should be permitted to wantonly do it without proper civilian oversight, including the requirement that no US citizen's data be collected without an explicit and accurate warrant.
In other words; capacity is only part of the equation.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Yes, but it's only in the last couple decades that they've been able to regroup all the data from all the forms of communication attached to every single user.
The scale of the task used to keep people focused on potential targets. Now it's about having everything on everyone, because nobody ever got fired for having too much data when shit happens.
"The question is regarding the set of controls over how and when this is done."
Yes, about those... The secret ones, that you'd need access to secret information to verify compliance with, based on a classified interpretation of a massive hodgepodge of assorted laws, executive orders, and precedents, as interpreted by a secret court that doesn't release opinions and hears only testimony from the state agents requesting authorization? Those ones... Forgive me if I'm... less than 100% reassured.
Internal regulation and discipline can't even keep the officers of Hickville PD from periodic abuses that end up drawing big civil suits, and those guys are both nearly powerless and highly vulnerable to 3rd party scrutiny. Why would anyone expect 'controls' on an agency that can just stamp 'Double Top Secret' on anything embarassing and bury it forever to be more than a joke for the break room?
From the following linked article:
"During a recent interview session I had with Mikko Hypponen, the chief research officer for digital security company F-Secure Corp, he shared that he was friends with the men behind Rovio, the creators behind another massive success story--Angry Birds."
http://www.thestar.com.my/stor...
A couple of years ago I tried, in earnest, to inform Mikko Hypponen of evidence I had acquired (first-hand) that proved that Sony Entertainment was gathering data from computers that had Sony software installed, after being referred to him by Mark Russinovich (of Microsoft/Sysinternals fame). I was stone-walled completely, even after providing crash-dumps that held all the evidence he needed to go public-- now, I know why.
Indeed, that's the difference. When they had to show up with a warrant for a specific individual and have agents sit and listen, they did that for high value suspects. Now it's all of us, all the time, who are the targets.