Dec 04 2012
 

1.3M Cellphone Snooping Requests Yearly? It’s Time for Privacy and Transparency Laws

 

WIRED
by David Kravets
July 11, 2012


The nation’s mobile carriers weren’t kidding in April when they told California lawmakers that they were working “day and night” responding to police inquiries for subscriber information, such as locational data of where the phone was when it made and received calls.

That, they said, made them just too busy to have to report publicly how often they get such requests, and the politically powerful carriers ultimately defeated California legislation requiring them to do so.

But now it’s time for that requirement — as well as increased protection for Americans’ private data — to be made the law of the land.

On Monday, Rep. Edward Markey (D-Massachusetts), as part of a congressional probe, divulged statistics about the number of requests made to cellphone providers, for the first time ever revealing that the carriers assisted law enforcement an eye-popping 1.3 million times last year alone in dishing out subscriber information like text messages, location data and calling records.

And there was more disturbing information. AT&T revealed it charges a mere $75 for a “tower dump,” which tells police what mobile phones pinged a tower in a given time period, though we have no idea how often this happens or whether police store or share that data.

The nine companies that responded to Markey, which reported about a 15 percent annual increase in government demands for subscriber information, did not disclose how many of these so-called tower dumps they performed. The dumps provide to law enforcement any cell phone number that has pinged a tower in a given time frame.

“There is no oversight at all of these tower dumps,” said Christopher Soghoian, a privacy expert. “We don’t know how many tower dumps, or what the government does with the data.”

The big four companies — AT&T, Sprint, T-Mobile, Verizon — and the five others need to report how often they perform these, as thousands of innocent people, including those exercising their rights to protest, can be swept up by such an order, and there’s no warrant required to get them.

AT&T also revealed that it receives more than 200 “exigent” requests a day — a sworn declaration from an officer that there’s an emergency — in which case AT&T hands over the data without a judge approving. That’s 79,300 in 2011, up from 25,000 in 2007.

What gives? Is this because more people have cell phones? Have we become a nation rife with emergencies or is it possible that police are abusing this power?

What’s apparent from the numbers and the questions they raise is that an informed citizenry can’t afford not to know how often and how the government gets access to the data nearly all of us generate daily as we lug our smartphones around everywhere.

In fact, the hodgepodge of data reported by the nine carriers leaves it unclear whether police are routinely violating Americans’ constitutional right to be free from unreasonable searches and seizures.

That’s because the law is murky at best about whether warrants are required for certain things, like locational tracking information that documents when and where a mobile phone pings cell towers or makes calls.

That makes it all the more important for Congress to fix those laws. And lawmakers need to require the nation’s carriers, who rent the public airwaves, to regularly report in detail how often they get such requests for data and how they respond.

“The data cries out for a public reporting requirement,” said Greg Nojeim, a director with the Center for Democracy & Technology.

There’s clear precedent for this information, and gross statistics wouldn’t endanger the public. The Justice Department, by law, has to report annually how often it uses National Security Letters and obtains espionage and terrorism-related FISA wiretaps, as well as more run-of-the-mill phone tracking methods known as trap-and-traces and pen registers.

The nation’s court system also makes public every year the number of criminal wiretaps employed by federal, state and local officials.

The carriers could easily be required to publish detailed data annually and make it available to the public.

And the lawmakers can also do the carriers a favor by finally clarifying what protections Americans’ data has — and what the FBI and other law enforcement groups need to do to get the data.

As Vonya McCann, a Sprint vice president, said in a letter to Rep. Edward Markey (D-Massachusetts), it’s hard for a mobile phone service provider to know whether it is being properly served, since the legal standard of whether a probable-cause warrant was needed for locational information is murky — and varies across the country.

“Given the importance of this issue, the competing and at times contradictory legal standards, Sprint believes Congress should clarify the legal requirements for disclosure of all types of location information to law enforcement personnel,” McCann wrote (.pdf).

Markey, who co-chairs the Congressional BiPartisan Privacy Caucus, asked the carriers in May for the number of times they supply information to law enforcement, and under what circumstances. Markey released the responses Monday.

The American Civil Liberties Union seized on the revelations too, urging lawmakers to pass the Geolocation Privacy and Surveillance Act, which is pending in the House and Senate. It would require a probable-cause warrant for locational tracking information — and not leave it up to the whims of judges, prosecutors or the carriers.

“Whether they realize it or not, Americans are carrying tracking devices with them wherever they go. Today’s new information makes it clear that law enforcement has carte blanche to follow the trail they leave behind,” Christopher Calabrese, the ACLU’s legislative counsel, said in a statement.

Warrantless locational tracking of Americans is now a legal battleground following the Supreme Court’s decision in January requiring the authorities to obtain a warrant before affixing a GPS device to a vehicle and tracking its every move.

Battling to keep that ruling firewalled to vehicle tracking, the Justice Department claims it needs no warrant to acquire the GPS locational data from a cell phone — and instead only needs to show that the information sought is “relevant and material” to an investigation.

The Supreme Court said the act of affixing the GPS device to a vehicle amounted to a search. But when the phone — the GPS device — is already in somebody’s pocket, there’s no search and no warrant needed, the government argues, “because there is no trespass or physical intrusion on a customer’s cellphone.”

The administration also claims that, because the locational data is maintained by a third party (.pdf), Americans have no expectation that it would be kept private. The Supreme Court has not decided the issue.

Congress, however, can and should settle it and require police to get a probable-cause warrant — which will make it clear to all what legal standards should be followed.

“The lack of clarity in the law has put providers in a tough spot and has put law enforcement in a tough spot and has put consumers in an impossible spot. When nobody knows the rules, because the rules haven’t yet been set, nobody wins,” Nojeim said.

And unless Markey keeps getting re-elected and demanding the information every year, Americans have no way to know what data is being doled out by their mobile phone provider or how often the government requests it.

That’s not a healthy way to run a democracy.

 

Direct Link:  http://www.wired.com/threatlevel/2012/07/mobile-data-transparency/all/

Aug 10 2012
 

Car-hacking: Remote access and other security issues

 

It’s not time for full-on panic, but researchers have already successfully applied brakes remotely, listened in to conversations and more.

 

ComputerWorld
by Linda Malone
August 6, 2012

 

 

 

 

Computerworld –

A disgruntled former employee of Texas Auto Center chose a creative way to get back at the Austin-based dealership: He hacked into the company’s computers and remotely activated the vehicle-immobilization system, which triggered the horn and disabled the ignition system in more than 100 of the vehicles. The dealership had installed the system in their cars as a way to deal with customers who fell behind on their payments.

Police arrested the man and charged him with breach of computer security. His legal status was unclear as of our deadline for this story.

Out-of-control honking horns may be annoying, but other types of hacking, such as cutting the engine of unsuspecting drivers, could have deadly consequences. Although most experts agree there isn’t an immediate risk, vehicle hacking is something that bears watching.

A 2011 report (PDF) by researchers at the University of California, San Diego and others cites numerous “attack vectors,” including mechanics’ tools, CD players, Bluetooth and cellular radio, as among the potential problems in today’s computerized cars.

With the increasing computerization of vehicles of all types, observers have longer-term concerns over the vulnerabilities of trucks, delivery vans, rental cars and consumer autos. A malicious hacker could, in theory, disable the vehicles, re-route GPS signals or otherwise put employees, customers and the company as a whole in danger.

Consumers are getting worried about the safety and privacy risks that come with today’s connected cars, according to a Harris Interactive poll released last week. For their part, auto makers and industry association spokesmen responded that they are adding electronic features carefully and based on market research.

Modern vehicle engines bear little resemblance to the engines of the past. Engines originally consisted of various mechanical devices assembled around a combustion engine. Within the past 20 years, cars have evolved to contain a complex network of as many as 50 to 70 independent computers, electronic control units (ECUs) with up to 100MB of binary code. Automotive ECUs originally entered production in the U.S. largely in response to California’s automotive-emissions reduction law, first passed in 1961, and then the subsequent federal Clean Air Act, passed originally in 1963, strengthened considerably in 1970 and updated since then.

ECUs measure the oxygen present in exhaust fumes and adjust the fuel/oxygen mixture before combustion, which improves efficiency and reduces pollutants. Over time these systems have become integrated into nearly every aspect of a car’s functioning, including air bag deployment, steering, braking and other real-time systems.

In the mid-1990s car manufacturers began integrating more powerful ECUs with peripherals such as GM’s OnStar system, which is a combination GPS, emergency response unit and vehicle recovery system. An OnStar-equipped car can analyze its on-board diagnostics as the car is being driven, detecting problems and alerting the driver to any issues that require a visit to the repair shop.

These ECUs connect to one another and to the Internet, making car computers vulnerable to the same digital dangers widely known among PCs and other networked devices: viruses, Trojans, denial-of-service attacks and more.

“The Austin case is a fairly particular case in that they had an add-on system that specifically gave them the ability to wirelessly immobilize the cars,” says Stefan Savage, professor in the department of computer science and engineering at the University of California, San Diego. “It’s not a standard feature on most automobiles.”

Generally speaking, these types of systems are there to disable the vehicle in the event of theft and enable their eventual recovery, says Savage. “This was not a case of hacking into a system or creating new functionality that didn’t exist before,” he explains. But that’s not to say it can’t be done. “In our research we demonstrated taking over a car through a software vulnerability and creating a completely new piece of functionality that did not exist before,” he says.

GM’s OnStar service, which also helps recover stolen vehicles, is currently the only vendor advertising that capability as a standard feature, says Savage. “However, the set of cars for which a clever adversary could create a new capability to shut down the car is likely quite a bit larger.”

 

AT&T exhibitors show off the new Ford Focus Electric car at the CTIA Conference in New Orleans in May 2012. The MyFord Mobile system will connect through the AT&T wireless network, which allows car users to remotely access the car using standard wireless technology, according to Ford. Some security experts wonder if standard wireless hacking techniques will become a problem. REUTERS/Sean Gardner

 

Motive behind the madness

One of the saving graces is that there are relatively few motivations for stealing vehicles via a sophisticated hack, Savage adds, because of the complexity involved and the need to spend some serious cash to be able to pull it off. “There is a theft motivation. But while we’ve been able to demonstrate a computer attack and steal cars, frankly it’s still easier to use a Slim Jim,” he says, referring to the classic lock pick.

“The Austin scenario could not happen to a system that is not networked,” says Dan Bedore, director of product communications at Nissan North America. “Our vehicle control modules are discrete systems and are not networked. So any scenario that involves hacking a car would be limited to a single unit.”

If a fleet of, say, 100 units were immobilized, “the hack would likely be into some added hardware or software installed by the fleet operator,” such as what occurred in Austin, says Bedore.

Nonetheless, a fair number of vulnerabilities in car computer systems currently exist, says Savage, although he feels it will be a while before computerized attacks are preferable to physical ones. “The most likely scenario where you have to worry are disgruntled attacks, where people are trying to sow havoc,” he says.

 

Inside threat

There are two main ways an attacker could theoretically gain access to a car’s internal network. The first is by physical access, such as a mechanic, a valet, a person who rents a car, an ex-friend or car owner, someone with momentary access to the vehicle. The attacker could insert a malicious component into a car’s internal network via the OBD-II port, typically located under the dashboard. A brief period of connectivity embeds the malware within the car’s components.

Similarly, counterfeit or malicious components may enter the vehicle before it is sent to the dealer or with a car owner’s purchase of an after-market component such as a radio or alarm.

“One of the attacks we staged took advantage of a vulnerability in the diagnostic tools used at dealerships,” says Savage. “We built a virus that could get into a dealership and then could affect the diagnostic tools. So whenever a car was brought into the dealership and the diagnostic tool was connected to the car it would infect the car.”

Savage and his team built a package that, upon taking over the car, would then contact his team’s servers via the Internet and request further instructions. “At that point we could download just about any functionality we wanted — disable the car, listen to conversations in the car, turn on the brakes, etc.”

Access may also happen via numerous wireless interfaces. “Cars are not only becoming more computerized internally, but they are becoming increasingly connected to the outside world,” says Franziska Roesner, a student and researcher in the security and privacy research lab at the University of Washington. She calls this interconnectedness a “concerning” trend.

Today’s cars are connected to the cell phone network and to the Internet via systems including OnStar, Ford Sync and others, Roesner explains. They have Bluetooth connectivity, short-range wireless access for key fobs and tire pressure sensors, they support satellite radio and they also have inputs for CDs, iPods, USB devices and others, she says.

__________________________________________

 

BMWs hacked via diagnostic port

Thefts of BMWs in the U.K. recently spiked as thieves discovered they could bypass the car’s alarm system and immobilizers. Using devices that plug into the car’s OBD port, thieves programmed blank key fobs and drove the stolen cars away.

Reports indicate that such thefts appear to work similarly: After gaining access to the vehicle, either by breaking a window or via a nearby RF jammer — which blocks the fob lock signal from reaching the car, thus preventing the car owners from properly securing their own vehicle even if they think they have — thieves gain access to the car’s OBD-II connector. This allows the thief to gain access to the car’s unique key fob digital ID, enabling him to program a blank key fob on the spot, insert the key and steal the car.

In a statement by BMW’s U.K. media relations manager, Gavin Ward, the company noted it is aware of and investigating the security loophole. The loophole affects all BMW series models, from the 1 to the X6.

__________________________________________

 

“We liken this increase in connectivity to the desktop computing world before the Internet: Security vulnerabilities on disconnected machines suddenly became very important when computers were networked together,” says Roesner. “There’s even talk among auto manufacturers about creating app stores for cars. We’re at the same point in the evolution of computerized automobiles.”

Roesner works with other researchers to identify these issues with the goal of addressing them before they become major problems.

Studies conducted by Roesner and her colleagues show the OBD-II port as the most significant automotive interface for hacking purposes. This port provides access to the vehicle’s key controller area network buses and can provide sufficient access to affect the full range of a vehicle’s systems.

Alternatively, hackers may deliver malicious input by encoding it into a CD or a song file, which may “live” on an iPod or other MP3 player, or by installing software that attacks the car’s media system when it connects to the Internet.

Currently, the Internet is only a hypothetical vulnerability, however, says Roesner. “In the case of the car that we examined, we used the malicious file on a CD to exploit a vulnerability in the radio.”

“In our research, we showed that attackers with access to the car’s network can completely control most of the car’s computerized components,” she says. This could allow an attacker to sabotage an automobile — disable the brakes or lights, for instance. “But we also showed that attackers could use such exploits to perform espionage,” Roesner explains. Examples include the ability to extract potentially sensitive GPS data from a system and send it outside of the vehicle to an attacker. Also, a car could be stolen if the hacker can override the car’s computerized theft detection/prevention system.

Automobiles most at risk include those with more components under computer control and without manual overrides, and those that are more connected to the outside world via the Internet or wirelessly, says Roesner.

 

Law enforcement fleet concerns

A security attack on a law enforcement fleet, in particular, may risk the lives of police officers as well as the general public. This issue raises concern at the Arizona Department of Public Safety, which in June fell victim to hackers who downloaded and released hundreds of law enforcement files on the Internet to protest a newly passed law they perceived as racist.

Hackers infiltrated accounts of Arizona law enforcement personnel and email accounts of the Arizona Legislature in a separate attack, posting items such as credit card information, photos, emails and documents including a master list of passwords and names and addresses of other police officers throughout the state of Arizona, according to Stacey Dillon, president of Public Safety Authority Media.

Extrapolating from there, she says, “If the hackers had accessed our fleets by, say hijacking our GPS system, it could present a lot of officer safety issues.” In that scenario, police couldn’t send backup units to the correct location if the GPS were compromised.

One safety check already in place: If a patrol car is idle or is stopped for 45 minutes to an hour, “an automatic signal is sent to our dispatchers and they’re told to check on it,” says Dillon.

 

An Apple iPad is seen integrated into the Jaguar XJ Ultimate, the most luxurious Jaguar sedan ever made ($515,000), as shown in a Hong Kong showroom in May 2012. Some observers wonder if all that computer horsepower opens autos to malicious hacking. REUTERS/Bobby Yip

 

Rick Perine, vice president of the Mesa (Ariz.) Police Association, agrees that a hacker could stop police in their tracks. “We use a GPS map in our vehicles that’s constantly updated,” he explains. Among other things, “it relays to our dispatch where our patrol unit is. Hacking into our GPS could put me in the wrong part of town and another officer dispatched to a different part of town, which puts me in danger.”

The use of an after-market product is the most likely way for a hacker to take over a vehicle fleet, says André Weimerskirch, CEO of Escrypt Inc., a provider of embedded security systems based in Ann Arbor, Mich. “If you own a business and you use after-market products to equip your fleet with GPS, for example, it’s important to look at the details in terms of security.”

After-market products work similarly to remote-control car engine starters marketed to consumers through retail stores, says Weimerskirch. “Remote control starters work by undermining the theft protection mechanism in the car. This opens the door for anyone to steal your car.”

 

A clear, but not yet present, danger

“We can remotely stop the brakes on a car from 1,000 miles away, but it’s not a clear and present danger today,” Savage explains.

Doing this kind of a hack requires a large investment of time and money. “You need to buy the kind of car you want to hack,” says Savage. “You have to be really motivated to do this; it’s not something someone will do as a hobby. Because of the time and money involved, I don’t think it’s an imminent problem.”

 


Although hacking into fleets may not present an immediate danger, manufacturers are taking this research seriously, says Savage. “Every manufacturer we are aware of is putting substantially more research into security than they have in the past. The challenge is they’ve never had to think about this before at all.”

The good news is that car manufacturers can ramp up very quickly by adapting the same techniques as those used with PCs, such as finding latent security vulnerabilities, implementing data execution prevention and other measures, says Savage. “Some things will [require] standardization to make them economically feasible,” he says.

The Society for Automotive Engineers (SAE), the industry’s premier standardization group, is in the process of trying to set security baselines “based on our work,” says Savage. “But it will take a while because there’s so many different components involved.”

Next steps

Roesner’s research pointed to diagnostic tools used by service personnel as a potential source of attacks, she says. “These tools can be used to exploit vulnerabilities in automobiles,” so owners need to be careful about who is permitted to access the OBD-II diagnostic ports of their cars, Roesner says.

 


Beyond individual auto companies, the U.S. Department of Transportation has “shown interest,” she explains. The United States Council for Automotive Research (USCAR) and the SAE have both created task forces focused on computer security for automobiles.

Now is a good time to look at this and start thinking of possible solutions, when automakers and fleet owners are not in panic mode, says Savage. “We’re working with the car industry to get ahead of it. In five to 10 years, it may be more of an issue.”

 


Direct Link:  http://www.computerworld.com/s/article/9229919/Car_hacking_Remote_access_and_other_security_issues

Jan 28 2012
 

Pursuing iPhone Thief, Officer Knew Right Buttons to Push

The New York Times
By C. J. HUGHES
January 27, 2012

As crime-solving tools go, it may not have the same pedigree as, say, the oversize magnifying glass. But with apologies to Sherlock Holmes, an iPhone — specifically, the iPhone 4 — proved quite useful in helping police officers track down a robber on Thursday in Manhattan.

And at a pace that may shock any reader of a long-winded Victorian detective novel, it was all wrapped up within a half-hour.

The case involved the robbery of a similar iPhone from a handbag store. On Friday, the arresting officer, Robert Garland, shared details about how the low-level crime occurred, and how the high-tech arrest was made.

At about 7 p.m. on Thursday, a cashier at Tuci Italia, at 1393 Avenue of the Americas, near West 57th Street, was taking a break near the entrance of the shop and watching videos on YouTube, Officer Garland said, noting she was wearing headphones.

Then, a man came into the shop, pointed a gun at her, grabbed her iPhone and fled, she told the police.

When Officer Garland and Sgt. Richard Coan arrived, they found the woman crying, but Mr. Garland reassured her. “I told her when I walked in, ‘I’m going to find your iPhone,’ ” he said.

The ace up the sleeve of Officer Garland, an avid Apple consumer — he and his wife own iPhones, iPads and Macintosh computers — was something called “Find My iPhone,” a free 5.4-megabyte piece of software, or app, that he had on the iPhone in his pocket.

Punching in the victim’s Apple ID, which is the log-on people use to buy, say, songs from iTunes, he quickly determined by the location of a small gray phone icon on a digital map that the robber was near Eighth Avenue and 51st Street.

As Officer Garland and his partner drove there, the signal source shifted, closer to Eighth Avenue and 49th Street. There, a man later identified by the police as George Bradshaw, 40, of New Lots, Brooklyn, stepped outside a Food Emporium.

Officer Garland pushed the “Play Sound” button on his phone. Instantly, a pinging beep — not unlike the sound of a submarine’s sonar — began emitting from Mr. Bradshaw, 20 feet away.

As the officers closed in, joined by another pair, the pinging stopped. Had Mr. Bradshaw been an Apple aficionado, he might have known how to disable the iCloud setting, which could have stopped the trace.

Instead, Officer Garland said, the suspect left the phone unchanged, and the officer hit “play” again, prompting another round of pings. Mr. Bradshaw was caught red-handed, or more specifically, with the stolen iPhone in his right sock, Officer Garland said. The victim later identified him as the robber, and the phone was recovered.

“She was ecstatic,” Officer Garland said.

Mr. Bradshaw, already facing charges in a cellphone theft last month, was charged with robbery and possession of stolen property.

 

Direct Link:  http://www.nytimes.com/2012/01/28/nyregion/pursuing-iphone-thief-officer-knew-buttons-to-push.html?_r=1&nl=todaysheadlines&emc=tha26

Jan 22 2012
 

 

New York Times – OPINIONS:

 

Do Drones Undermine Democracy?

The New York Times

By PETER W. SINGER
January 21, 2012

 

 

Unmanned aircraft at an American base in Afghanistan in 2011

 

 

Washington -

IN democracies like ours, there have always been deep bonds between the public and its wars. Citizens have historically participated in decisions to take military action, through their elected representatives, helping to ensure broad support for wars and a willingness to share the costs, both human and economic, of enduring them.

In America, our Constitution explicitly divided the president’s role as commander in chief in war from Congress’s role in declaring war. Yet these links and this division of labor are now under siege as a result of a technology that our founding fathers never could have imagined.

Just 10 years ago, the idea of using armed robots in war was the stuff of Hollywood fantasy. Today, the United States military has more than 7,000 unmanned aerial systems, popularly called drones. There are 12,000 more on the ground. Last year, they carried out hundreds of strikes — both covert and overt — in six countries, transforming the way our democracy deliberates and engages in what we used to think of as war.

We don’t have a draft anymore; less than 0.5 percent of Americans over 18 serve in the active-duty military. We do not declare war anymore; the last time Congress actually did so was in 1942 — against Bulgaria, Hungary and Romania. We don’t buy war bonds or pay war taxes anymore. During World War II, 85 million Americans purchased war bonds that brought the government $185 billion; in the last decade, we bought none and instead gave the richest 5 percent of Americans a tax break.

And now we possess a technology that removes the last political barriers to war. The strongest appeal of unmanned systems is that we don’t have to send someone’s son or daughter into harm’s way. But when politicians can avoid the political consequences of the condolence letter — and the impact that military casualties have on voters and on the news media — they no longer treat the previously weighty matters of war and peace the same way.

For the first 200 years of American democracy, engaging in combat and bearing risk — both personal and political — went hand in hand. In the age of drones, that is no longer the case.

Today’s unmanned systems are only the beginning. The original Predator, which went into service in 1995, lacked even GPS and was initially unarmed; newer models can take off and land on their own, and carry smart sensors that can detect a disruption in the dirt a mile below the plane and trace footprints back to an enemy hide-out.

There is not a single new manned combat aircraft under research and development at any major Western aerospace company, and the Air Force is training more operators of unmanned aerial systems than fighter and bomber pilots combined. In 2011, unmanned systems carried out strikes from Afghanistan to Yemen. The most notable of these continuing operations is the not-so-covert war in Pakistan, where the United States has carried out more than 300 drone strikes since 2004.

Yet this operation has never been debated in Congress; more than seven years after it began, there has not even been a single vote for or against it. This campaign is not carried out by the Air Force; it is being conducted by the C.I.A. This shift affects everything from the strategy that guides it to the individuals who oversee it (civilian political appointees) and the lawyers who advise them (civilians rather than military officers).

It also affects how we and our politicians view such operations. President Obama’s decision to send a small, brave Navy Seal team into Pakistan for 40 minutes was described by one of his advisers as “the gutsiest call of any president in recent history.” Yet few even talk about the decision to carry out more than 300 drone strikes in the very same country.

I do not condemn these strikes; I support most of them. What troubles me, though, is how a new technology is short-circuiting the decision-making process for what used to be the most important choice a democracy could make. Something that would have previously been viewed as a war is simply not being treated like a war.

THE change is not limited to covert action. Last spring, America launched airstrikes on Libya as part of a NATO operation to prevent Col. Muammar el-Qaddafi’s government from massacring civilians. In late March, the White House announced that the American military was handing over combat operations to its European partners and would thereafter play only a supporting role.

The distinction was crucial. The operation’s goals quickly evolved from a limited humanitarian intervention into an air war supporting local insurgents’ efforts at regime change. But it had limited public support and no Congressional approval.

When the administration was asked to explain why continuing military action would not be a violation of the War Powers Resolution — a Vietnam-era law that requires notifying Congress of military operations within 48 hours and getting its authorization after 60 days — the White House argued that American operations did not “involve the presence of U.S. ground troops, U.S. casualties or a serious threat thereof.” But they did involve something we used to think of as war: blowing up stuff, lots of it.

Starting on April 23, American unmanned systems were deployed over Libya. For the next six months, they carried out at least 146 strikes on their own. They also identified and pinpointed the targets for most of NATO’s manned strike jets. This unmanned operation lasted well past the 60-day deadline of the War Powers Resolution, extending to the very last airstrike that hit Colonel Qaddafi’s convoy on Oct. 20 and led to his death.

Choosing to make the operation unmanned proved critical to initiating it without Congressional authorization and continuing it with minimal public support. On June 21, when NATO’s air war was lagging, an American Navy helicopter was shot down by pro-Qaddafi forces. This previously would have been a disaster, with the risk of an American aircrew being captured or even killed. But the downed helicopter was an unmanned Fire Scout, and the story didn’t even make the newspapers the next day.

Congress has not disappeared from all decisions about war, just the ones that matter. The same week that American drones were carrying out their 145th unauthorized airstrike in Libya, the president notified Congress that he had deployed 100 Special Operations troops to a different part of Africa.

This small unit was sent to train and advise Ugandan forces battling the cultish Lord’s Resistance Army and was explicitly ordered not to engage in combat. Congress applauded the president for notifying it about this small noncombat mission but did nothing about having its laws ignored in the much larger combat operation in Libya.

We must now accept that technologies that remove humans from the battlefield, from unmanned systems like the Predator to cyberweapons like the Stuxnet computer worm, are becoming the new normal in war.

And like it or not, the new standard we’ve established for them is that presidents need to seek approval only for operations that send people into harm’s way — not for those that involve waging war by other means.

WITHOUT any actual political debate, we have set an enormous precedent, blurring the civilian and military roles in war and circumventing the Constitution’s mandate for authorizing it. Freeing the executive branch to act as it chooses may be appealing to some now, but many future scenarios will be less clear-cut. And each political party will very likely have a different view, depending on who is in the White House.

Unmanned operations are not “costless,” as they are too often described in the news media and government deliberations. Even worthy actions can sometimes have unintended consequences. Faisal Shahzad, the would-be Times Square bomber, was drawn into terrorism by the very Predator strikes in Pakistan meant to stop terrorism.

Similarly, C.I.A. drone strikes outside of declared war zones are setting a troubling precedent that we might not want to see followed by the close to 50 other nations that now possess the same unmanned technology — including China, Russia, Pakistan and Iran.

A deep deliberation on war was something the framers of the Constitution sought to build into our system. Yet on Tuesday, when President Obama talks about his wartime accomplishments during the State of the Union address, Congress will have to admit that its role has been reduced to the same part it plays during the president’s big speech. These days, when it comes to authorizing war, Congress generally sits there silently, except for the occasional clapping. And we do the same at home.

Last year, I met with senior Pentagon officials to discuss the many tough issues emerging from our growing use of robots in war. One of them asked, “So, who then is thinking about all this stuff?”

America’s founding fathers may not have been able to imagine robotic drones, but they did provide an answer. The Constitution did not leave war, no matter how it is waged, to the executive branch alone.

In a democracy, it is an issue for all of us.

Peter W. Singer is the director of the 21st Century Defense Initiative at the Brookings Institution and author of “Wired for War: The Robotics Revolution and Conflict in the 21st Century.”

Direct Link:  http://www.nytimes.com/2012/01/22/opinion/sunday/do-drones-undermine-democracy.html?_r=1&nl=todaysheadlines&emc=thab1

Nov 03 2011
 

10 Things You Didn’t Know Could Be Hacked
John R. Quain, SecurityNewsDaily Contributor
24 October 2011

Connected devices, from telephones to cars, bring convenience into our daily lives. But they can also introduce new forms of vulnerability — perhaps more than you may think. Here are 10 everyday items that may leave you open to hackers.

The Zoombak personal GPS locator, often used by parents to keep track of children.
CREDIT: Zoombak, Inc.
Kid-Tracking Devices: There are several tiny GPS devices now on the market designed to help parents keep track of their kids, either by hiding the gadgets in the family car or tossing them into a backpack. Unfortunately, many of these devices don’t have all the security features they should. For example, researchers have demonstrated how to hack into Zoombaks, one common brand of GPS tracking device, to follow Zoombak users. (Zoombak has since patched the software that allowed this.)

A promotional image showing the OnStar app for an iPhone, used to monitor the battery status on a Chevy Volt.
CREDIT: General Motors
Cars: As more cars become connected to smartphones and wireless data networks, they present new challenges for automakers and new opportunities for crooks. A Nissan Leaf owner, for example, recently discovered that he could track a car’s position and speed using a simple Web-based data-feed program. Researchers at iSec Partners have demonstrated how cars with OnStar-like remote start and unlock features that rely on cellular networks can be broken into using a laptop and a technique known as “war texting.”

CREDIT: Holger Ellgaard/Creative Commons
Landline Voicemail: The phone-hacking scandal in the U.K. should remind us how easily most cellular carriers’ voicemail systems can be accessed. Unfortunately, landline number voicemail systems work the same way. Many providers use a common set of dial-in numbers for voicemail, and many users leave the default password in place or choose a password that’s easy to remember — and easy to hack — such as a birthday or a pet’s name. If yours is still on the default password, change it.

A baby monitor base station and receiver.
CREDIT: Public domain
Old Baby Monitors: That second-hand baby monitor may not be such a bargain after all. Security experts used to make a habit of demonstrating how they could tap into the video and audio feeds of numerous nanny cams while driving through suburban neighborhoods. New models use channel-hopping or Wi-Fi connections to defeat such simple eavesdropping.

A first-generation Nintendo DS, which would not be able to work with a WPA-encrypted Wi-Fi network.
CREDIT: Public domain
Portable Game Players: Some older consumer electronics devices, such as the original Nintendo DS and the Nintendo DS Lite, will only work with the older, insecure WEP encryption standard in order to access a Wi-Fi network. (All Wi-Fi users should be using the WPA standard instead.) Check around your house — that hand-me-down game player may be offering hackers an open door to your network.

A Motorola Bluetooth car kit.
CREDIT: Motorola Mobility, Inc.
Hands-Free Bluetooth Car Kits: Bluetooth is ubiquitous among headsets, and a hands-free headset is a good way for drivers to stay within the law in many states. However, Finland-based Codenomicon Defensics, a security testing firm, warns that many Bluetooth devices are easily hacked. Users also often leave phones and other devices vulnerable by failing to change the default device-pairing passwords (such as “0000” or “1234”); be sure to change yours.

The front door to a townhouse in Jersey City, N.J.
CREDIT: John Manuel/Creative Commons
Your Front Door: Electronic keypads and wireless remote security systems were once only for businesses. Now there are innumerable home electronic security systems, such as Schlage Link, but if they aren’t installed correctly, they can make your home more vulnerable to technically adept thieves. Hackers can lift the code, for example, from a stolen smartphone or intercept the wireless signal when you open the door so that they can return later and empty your house. Prevention tip: Make sure you use a strong password to secure your phone, and that any wireless lock system is set to use the strongest encryption setting.

A pacemaker with an external electrode.
CREDIT: Steven Fruitsmaak/Creative Commons
Medical Implants: A researcher at this past summer’s Black Hat hacker convention in Las Vegas demonstrated how he could hack into the wireless signals put out by automatic insulin pumps implanted into human bodies. Three years ago, another team discovered how to turn off a pacemaker by remote control, and companies are now developing wearable “shields” to prevent hacker-induced heart attacks.

An installed garage door opener.
CREDIT: Public domain
Garage Door Openers: Don’t ever leave the door to your garage unlocked. There are dozens of videos on YouTube showing how to hack garage door openers. Some methods use wires, others simply run through common garage-door codes using smartphones. Poof! Your garage door’s open, and anyone can just walk in.

Traffic lights on Stevens Creek Boulevard in San Jose, Calif.
CREDIT: Coolcaesar/Creative Commons
Traffic Lights: Believe it or not, you can make a red light change to green. Police, fire and emergency vehicles have infrared transmitters that communicate with receivers on traffic lights to do just that. Home versions of such transmitters can be built with a little technical know-how, but a federal law forbids their unauthorized use.

Direct Link: http://www.technewsdaily.com/3326-didnt-hacked.html