#government surveillance – @dragoni on Tumblr
DragonI

@dragoni

"Truth is not what you want it to be; it is what it is, and you must bend to its power or live a lie", Miyamoto Musashi

Zuck: "On Facebook, you have control over your information... the information we collect you can choose to have us not collect." with a few exceptions

Forbes has uncovered one case that might shock them: over the last five years a secretive surveillance company founded by a former Israeli intelligence officer has been quietly building a massive facial recognition database consisting of faces acquired from the giant social network, YouTube and countless other websites. Privacy activists are suitably alarmed.
That database forms the core of a facial recognition service called Face-Int, now owned by Israeli vendor Verint after it snapped up the product's creator, little-known surveillance company Terrogence, in 2017. Both Verint and Terrogence have long been vendors for the U.S. government, providing bleeding-edge spy tech to the NSA, the U.S. Navy and countless other intelligence and security agencies.
As described on the Terrogence website, the database consists of facial profiles of thousands of suspects "harvested from such online sources as YouTube, Facebook and open and closed forums all over the globe." Those faces were extracted from as many as 35,000 videos and photos of terrorist training camps, motivational clips and terror attacks. That same marketing page was online in 2013, according to internet archive the Wayback Machine, indicating the product is at least five years old.

What “political and social groups”?

One ex-staffer, in describing her role as a Terrogence analyst, said she'd "conducted public perception management operations on behalf of foreign and domestic governmental clients," and used "open source intelligence practices and social media engineering methods to investigate political and social groups."

I want to believe ... BUT ... shutdown one program and start another. Deception and Spycraft ;)

Analysts are still, however, permitted to search for an American’s information within another repository of emails gathered through the warrantless surveillance program’s so-called Prism or “downstream” system, which gathers emails of foreign targets from providers like Gmail and Yahoo Mail. That system does not collect “about” communications.

Suggested reading:

“Do you have the right to walk down the street without the government secretly scanning your face?”

The F.B.I.’s latest facial recognition tools give the agency the ability to scan millions of photos of ordinary Americans.

“Eighty percent of the photos in the F.B.I.’s facial recognition network are of non-criminal entries.”

The F.B.I. is able to access images from driver’s licenses in at least 18 states, as well as millions of mugshots.
“Most people have no idea that this is happening.”
“The latest generation of this technology will allow law enforcement to scan the face of every man, woman, and child walking in front of a street surveillance camera… Do you have the right to walk down the street without the government secretly scanning your face? Is it a good idea to give government so much power with so few limits?”, Alvaro Bedoya, the executive director of the Center on Privacy and Technology at Georgetown Law, in testimony at the hearing

“Websites do it already, but there’s a perception of the anonymity of being behind your keyboard,”


Vault 7, Endpoint Security and Why We Need Blockchain Infrastructure

With the release by Wikileaks of the so-called Vault 7 CIA Hacking tools, the debate has once again turned to the effectiveness and role of encryption. As Zeynep Tufekci (you should absolutely follow her on Twitter) rightly points out, this is all about endpoint security and not about broken encryption. Now we are at the point where it gets interesting and one that I have been writing about for years whenever it comes to the relationship between privacy and general purpose computing.

To repeat my argument: you cannot have *both* user-controlled general purpose computing *and* secure endpoints. User-controlled means that I as the user can choose which software I want to run and also how I want that software to execute on my machine (meaning I control the entire compute stack, such as the network layer). When I have this great power, I can always extract another user's data unencrypted at some layer. That power of course can be abused in a number of ways including by people who manage to get code to run on my machine without my knowing it, which is what all these hacking tools are about.

The general approach to trying to make endpoints more secure is to have more trust in the code that I execute through some combination of code signing and trusted key storage/verification in a non-user code accessible element. The big problem with this approach, at least as currently implemented, is that it is a massively centralizing force on computation. Locking down the phone endpoint the way Apple does is exactly what gives the iPhone security but also makes Apple the gatekeeper to all computation on the phone. Not only can I not choose my own software but I also have no access to lower levels of the stack.

This is a bad tradeoff to make for humanity. Computation controlled by a few megacorps is exactly the dystopia we do not want to live in. Blockchain infrastructure, such as Blockstack, has the potential to give us more endpoint security (not perfect) without this centralization or loss of control over the compute stack. For example, the code running on your phone could all come in source format and be properly digitally signed. Because it is source it can be inspected for backdoors. And because it is signed in a decentralized and yet trusted fashion you can make an informed choice about which code to allow onto your device. That I posit is the future we want.


CIA and the Surveillance State. Upgrade now

"Vault 7: CIA Hacking Tools Revealed" has been published by Wikileaks recently, and Notepad++ is on the list.
The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a compromised PC, which is replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead of the original one. It doesn't mean that CIA is interested in your coding skill or in your sex message content, but rather it prevents raising any red flags while the DLL does data collection in the background.
For remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch.
Checking the certificate of a DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents Notepad++ from loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
Just like knowing the lock is useless for people who are willing to go into my house, I still shut the door and lock it every morning when I leave home. We are in a f**king corrupted world, unfortunately.
Otherwise there are a lot of enhancements and bug-fixes which improve your Notepad++ experience. For the detailed change log, please check the Download page.
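
The check described in the release notes above (refuse a DLL whose signature is missing or invalid) can be audited from outside the application with PowerShell's built-in `Get-AuthenticodeSignature`. This is an added example, not Notepad++'s own code; the function name `Test-AppDllSignature`, the folder path and the pinned thumbprint are assumptions supplied by the caller.

```powershell
# Added example: audit the signatures of the DLLs in an application folder.
# $AppDir and $ExpectedThumbprint are caller-supplied assumptions; the page
# does not give Notepad++'s signing certificate, so none is hard-coded here.
function Test-AppDllSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $AppDir,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    Get-ChildItem -LiteralPath $AppDir -Filter '*.dll' -File | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate

        if ($sig.Status -eq 'NotSigned') {
            # No signature at all: the "certificate is missing" case.
            $verdict = 'MISSING'
        }
        elseif ($sig.Status -ne 'Valid') {
            # HashMismatch, NotTrusted, etc.: the "certificate is invalid" case.
            $verdict = 'INVALID'
        }
        elseif ($cert.Thumbprint -ne $ExpectedThumbprint) {
            # Validly signed, but not by the publisher we pinned.
            $verdict = 'UNEXPECTED-SIGNER'
        }
        else {
            $verdict = 'OK'
        }

        [pscustomobject]@{
            File       = $_.Name
            Verdict    = $verdict
            Status     = $sig.Status
            Signer     = if ($cert) { $cert.Subject } else { $null }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        }
    }
}

# Usage (placeholder values, replace before running):
# Test-AppDllSignature -AppDir 'C:\Path\To\App' -ExpectedThumbprint '<EXPECTED-THUMBPRINT>' |
#     Where-Object Verdict -ne 'OK' | Format-Table -AutoSize
```

As the post itself notes, a result of `OK` says nothing about whether the executable that loads the DLL has been replaced, so the same check belongs on the `.exe` as well.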

#ThoughtPolice #ThoughtCrime aren’t too far behind

And a few weeks ago, that’s precisely what happened to a US citizen returning home from abroad.
On January 30th, Sidd Bikkannavar, a US-born scientist at NASA’s Jet Propulsion Laboratory flew back to Houston, Texas from Santiago, Chile.
On his way through the airport, Customs and Border Patrol agents pulled him aside. They searched him, then detained him in a room with a bunch of other people sleeping in cots. They eventually returned and said they’d release him if he told them the password to unlock his phone.
Bikkannavar explained that the phone belonged to NASA and had sensitive information on it, but his pleas fell on deaf ears. He eventually yielded and unlocked his phone. The agents left with his phone. Half an hour later, they returned, handed him his phone, and released him.

“We should treat personal electronic data with the same care and respect as weapons-grade plutonium — it is dangerous, long-lasting and once it has leaked there’s no getting it back.” — Cory Doctorow

“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” — Cardinal Richelieu in 1641

What’s the worst thing that could happen if the Customs and Border Patrol succeed in getting ahold of your unlocked phone? Well…
  • Think of all of the people you’ve ever called or emailed, and all the people you’re connected with on Facebook and LinkedIn. What are the chances that one of them has committed a serious crime, or will do so in the future?
  • Have you ever taken a photo at a protest, bought a controversial book on Amazon, or vented about an encounter with a police officer to a loved one? That information is now part of your permanent record, and could be dragged out as evidence against you if you ever end up in court.
  • There’s a movement within government to make all data from all departments available to all staff at a local, state, and federal level. The more places your data ends up, the larger a hacker’s “attack surface” is — that is, the more vulnerable your data is. A security breach in a single police station in the middle of nowhere could result in your data ending up in the hands of hackers — and potentially used against you from the shadows — for the rest of your life.

❤ “Snowden has refused a salary, instead giving the group more than $60,000 of his fees from speaking engagements over the past year.”

This story is part of our special coverage, The News in Crisis.
“Watch the journalists and you’ll find their sources,” Snowden says. “So how do we preserve that confidentiality in this new world, when it’s more important than ever?”
Since early last year, Snowden has quietly served as president of a small San Francisco–based nonprofit called the Freedom of the Press Foundation. Its mission: to equip the media to do its job at a time when state-sponsored hackers and government surveillance threaten investigative reporting in ways Woodward and Bernstein never imagined. “Newsrooms don’t have the budget, the sophistication, or the skills to defend themselves in the current environment,” says Snowden, who spoke to WIRED via encrypted video-chat from his home in Moscow. “We’re trying to provide a few niche tools to make the game a little more fair.”
Snowden and renowned hacker Bunnie Huang have partnered to develop a hardware modification for the iPhone, designed to detect if malware on the device is secretly transmitting a reporter’s data, including location. They’re developing a piece of software called Sunder that uses code written by Frederic Jacobs, one of the programmers for the popular encryption app Signal.
But the foundation’s biggest coup has been SecureDrop, a Tor-based system for WikiLeaks-style uploads of leaked materials and news tips. The system has now been adopted by dozens of outlets, including The Guardian, The New York Times, and The Washington Post. “It works. I know,” hinted a tweet from Washington Post reporter David Fahrenthold the day after he published a leaked video of Donald Trump bragging about sexual assault.
Microsoft Corp. persuaded a judge not to let the U.S. government out of a lawsuit alleging the company’s free-speech rights are violated by a law that blocks it from alerting users to the clandestine interception of their e-mails.
The judge said Microsoft has at least made a plausible argument that federal law muzzles its right to speak about government investigations, while not ruling on the merits of the case.
"The public debate has intensified as people increasingly store their information in the cloud and on devices with significant storage capacity,” U.S. District Judge James Robart in Seattle said in Thursday’s ruling. “Government surveillance aided by service providers creates unique considerations because of the vast amount of data service providers have about their customers."

LOL, employers are expected to trust the FBI’s database which is only 50% accurate. That’s like trusting Yelp ratings.

On a darker note. The Trump administration is going to be all over the Rap Back program. It won’t be hard to find everyone arrested (not convicted) at an Anti-Trump protest! pwned “freedom is slavery”

As suprgeek points out:
  • Go to protest against Trump (or even to document it [1]) 
  • Get arrested and charged with "Rioting", "Disturbing the Peace" or my most favorite "Resisting Arrest[2]"
  • Get an Arrest Record
  • Get fired immediately thanks to RAP BACK
  • Charges get dropped
  • Rinse and repeat *** If the gov't remembers to update their database!
Welcome Absolute Fascism.

The sad irony.

  1. The FBI can have a Rap Back system and NGI database but the FBI is prohibited by Republicans from keeping a Gun Registry database, Gun Violence database or performing Gun Violence Research.
  2. AND the Trump Administration will “no longer target groups such as white supremacists”. Strange since White Supremacists account for most of the 'Homegrown Terrorism'. What’s the probability of Bannon and Sessions removing names from gov’t databases?

Let’s go to the end of the article to get straight to the scary facts.

Faulty Records

Outdated and incorrect criminal history information already leads to workers losing their jobs. Labor and privacy advocates fear that the national Rap Back program, which draws on a massive NGI database and depends on data sharing between several agencies, will only make these errors worse.
FBI and state databases are not known for their accuracy. As the National Employment Law Project reported in 2013, as many as 50 percent of the FBI’s arrest records fail to include information on the final disposition of a case — that is, whether a person was convicted, acquitted, or if charges against them were dropped. Because many people who are arrested are never charged or convicted, a high percentage of the FBI’s records incorrectly indicate a subject’s involvement with a crime.

The beginning!

THE FBI’S RAP BACK program is quietly transforming the way employers conduct background checks. While routine background checks provide employers with a one-time “snapshot” of their employee’s past criminal history, employers enrolled in federal and state Rap Back programs receive ongoing, real-time notifications and updates about their employees’ run-ins with law enforcement, including arrests at protests and charges that do not end up in convictions. (“Rap” is an acronym for Record of Arrest and Prosecution; “Back” is short for background).
Testifying before Congress about the program in 2015, FBI Director James Comey explained some limits of regular background checks: “People are clean when they first go in, then they get in trouble five years down the road [and] never tell the daycare about this.”

“positions of trust” could be the janitor 

Rap Back has been advertised by the FBI as an effort to target individuals in “positions of trust,” such as those who work with children, the elderly, and the disabled. According to a Rap Back spokesperson, however, there are no formal limits as to “which populations of individuals can be enrolled in the Rap Back Service.” Civil liberties advocates fear that under Trump’s administration the program will grow with serious consequences for employee privacy, accuracy of records, and fair employment practices.
A majority of states already have their own databases that they use for background checks and have accessed in-state Rap Back programs since at least 2007; states and agencies now partnering with the federal government will be entering their data into the FBI’s Next Generation Identification (NGI) database.
The NGI database, widely considered to be the world’s largest biometric database, allows federal and state agencies to search more than 70 million civil fingerprints submitted for background checks alongside over 50 million prints submitted for criminal purposes.
In July 2015, Utah became the first state to join the federal Rap Back program. Last April, aviation workers at Dallas-Ft. Worth Airport and Boston Logan International Airport began participating in a federal Rap Back pilot program for aviation employees. Two weeks ago, Texas submitted its first request to the federal criminal Rap Back system.
The FBI has the license to retain all submitted fingerprints indefinitely — even after notice of death. Employers are even offered the option to purchase lifetime subscriptions to the program for the cost of $13 per person.
The agency is no stranger to mission creep. As documents obtained by EPIC show, the FBI’s use of facial recognition searches is increasing and the NGI database continues to expand.

“If I was NSA I would definitely approach Facebook for this data.”

Not to mention that the CIA has its own VC fund, In-Q-Tel, which invests in companies that mine your social media. In-Q-Tel is 100% Tax Payer funded AND they don’t want or expect one cent in return!

Trivia: In-Q-Tel is an investor in Palantir. Palantir was founded by Peter Thiel who was an early investor in Facebook and is now Donald Trump’s adviser. Can you can Muslim Registry and surveillance state!

Even if you’re extremely cautious, even if you never post anything on Facebook, even if you have “location services” disabled on your phone at all times etc. etc. Facebook still knows where you are. You can’t stop other people from taking selfies in an airport.
Facebook uses a program it calls DeepFace to match other photos of a person. Alphabet Inc.’s cloud-based Google Photos service uses similar technology.
According to the company’s research, DeepFace recognizes faces with an accuracy rate of 97.35 percent compared with 97.5 percent for humans — including mothers.
We could soon have security cameras in stores that identify people as they shop (source)
Facebook has about 600 terabytes of data coming in on a daily basis (source, 2014).

Here’s some trivia. Chinese movie superstars who have become Singapore citizens: Jet Li, Jackie Chan, Gong Li, Vicki Zhao, Cecilia Cheung and Vivian Hsu. Then there’s a little known Facebook co-founder, Eduardo Saverin.

Starting January 1 next year, Singapore will begin including iris scans as part of the country's registration process for citizens and permanent residents.
This was part of efforts to improve the "effectiveness and efficiency" of operations undertaken by the Immigration and Checkpoints Authority (ICA), the Ministry of Home Affairs said in a statement Wednesday.

pwned

Lee said technological advancements had paved the way for other personal identifiers, apart from photographs and fingerprints, to be collected. Noting that iris scan was a proven technology, he said nations such as Germany and the Netherlands had been using the technology since the early 2000s. Countries such as the United Arab Emirates also had made the collection of iris images from their citizens mandatory to facilitate immigration clearance.
"The collection and verification of iris images is similar to taking a photograph. It is convenient, contactless and non-intrusive and can be completed in seconds," he said.

“Privacy is essential to liberty and human dignity, and encryption is one tool for maintaining privacy,” Bruce Schneier

Install Signal Private Messenger from Apple app store or Google Play

“There has never been a single event that has resulted in this kind of sustained, day-over-day increase,” Moxie Marlinspike, the founder of Open Whisper Systems, the software nonprofit behind Signal, told BuzzFeed News. Marlinspike interpreted the jump as a reaction to Trump’s win, and anxiety over the future of US surveillance.
The secure communications tool is well-known in technologists, journalists, and political activists’ circles. It allows people to text and speak with one another using what’s known as end-to-end encryption, meaning only the sender and their intended recipient can read or hear the message.
“Trump is about to be put in control of the most pervasive, largest, and least accountable surveillance infrastructure in the world,” Marlinspike said. “People are maybe a little bit uncomfortable with him.”

...

In an op-ed calling for expanding US surveillance programs, Trump’s pick for CIA director, Kansas Representative Mike Pompeo, suggested that merely using secure encryption tools may call the attention of counterterrorism officials. “[T]he use of strong encryption in personal communications may itself be a red flag,” he wrote in the Wall Street Journal in January. In the same essay, Pompeo defended the government’s ability to search Americans without a warrant, and the surveillance of social media posts.

Coincidence I think not. Especially when there’s a 1 degree of separation between Peter Thiel and Trump! Who invested the $20 million? Insider information?

The November 23 Form D filing notes that the date of first sale for this newest round was November 8 — coincidentally (?), the same date as the U.S. election that saw Donald Trump win the presidential race. Palantir co-founder Peter Thiel, who is also its chairman and major shareholder, was a vocal supporter of Trump.
Clapper reportedly said, it “felt pretty good” to submit his resignation.
Clapper, a retired lieutenant general in the Air Force, has been the face of several controversies surrounding US intelligence during his time as director. Most notably was the time he gave a false testimony under oath about the National Security Agency’s (NSA) domestic surveillance programs to a senate committee.
During the March 2013 public hearing, Sen. Ron Wyden (D-Ore.) asked Clapper in explicit terms, “Does the NSA collect any type of data at all on millions, or hundreds of millions, of Americans?”
Clapper said, “No, sir... Not wittingly. There are cases they could inadvertently, perhaps, collect. But not wittingly.”
Clapper’s testimony to Congress was later proven to be false when The Guardian published the first of the global surveillance documents leaked by Edward Snowden. The documents that were published revealed that the NSA had collected phone records of over 120 million Verizon subscribers. It was also revealed the NSA conducted bulk collection of Americans’ metadata tied to communications. The sprawling surveillance operation was enabled by Section 215 of the Patriot Act.

Make it so!

I want to be clear that I’m not in any way advocating, as some have, that we should somehow stop Trump from taking the oath of office. That ship has sailed. We had an election, and Trump won. Fantasies of swift impeachment or Electoral College shenanigans are just that, fantasies. Equally unserious is the whole “Unplug the NSA” campaign, recently advocated in Time.
No, our only real hope lies in technologies of resistance that ordinary people can use to check the surveillance state’s power at every level, from the individual smartphone to the network connection to the datacenter. Specifically, we need the major companies that host our digital lives — Google, Apple, Amazon, Facebook, and others — to immediately convene a private-sector Manhattan Project aimed at bringing security, privacy, and truly anonymous political speech back to the Internet. And if Facebook persists in its privacy-hostile stance, then Mark Zuckerberg must be rejected by business elites as a man every bit as toxic as Peter Thiel.
I believe that the engineers who built this monster can tame it — they owe that to all of us. What technology has broken, technology can fix. The folks who had a hand in building our digital panopticon must give us the tools to fight it, and then we must all commit to using those tools in every area of our digital lives.