Your right, it is a guess. What I am trying to say it that it is not logical to use a match to a hash database to start a prosecution when the image file referred to is not actually child porn. That would be a waste of time for law enforcement. The compilers of the database have an interest in vetting all the files beforehand. If a particular image is used in a court case you can bet that a defense attorney will ask the prosecution to prove that a depicted teenager is, in fact, under 18.
In the US, at least, there are prosecutors who would say naturist magazines with children are child porn. I will avoid arguing whether that is true or not, but one has to be cautious about possessing such images considering it is such a hot-button topic. I have a photo of my grandfather holding me over his head when I was two years old. I was unclothed and it's a full-frontal view. Does that make me a pedophile because I still have that picture. No, but I won't be posting it on the internet.
That is absolutely true. These databases still work because pedophiles don't bother to change the files. Changing the filename should also be an obvious, and simple, method to defend against detection but there are pedophiles who don't do that either
It used to be that PC motherboards used CMOS based non-volatile memory to store the BIOS configuration. This is no longer true. BIOS configuration is now stored in EEPROM or FLASH memory. In PCs the coin battery is still there to power the real-time clock. I am not sure why a cell phone would require a real-time clock as NTP (Network Time Protocol) can be used instead for . It may be required for a GPS unit where high accuracy is needed. In that case, only phones with GPS should need a secondary coin battery.
It seems your understanding of the technology is also flawed.
A lot of people commonly refer to ROM in cell phones but they are really using it as a lazy abbreviation for non-volatile memory. ROM, more precisely, cannot be written to after it has been programmed a single time. Cell phones use FLASH memory, and sometimes EEPROM as well, that can be re-written and does not require a battery to maintain memory contents. NOR FLASH has been used to store executable code as it is byte accessible and can execute code in place. However, the use of NOR FLASH is declining as NAND FLASH had been improved so that it can emulate NOR capabilities. NAND FLASH is used to store; firmware, OS code, configuration, application code and data, SMS messages, photos, and video. User generated data can be stored on FLASH based media cards if the phone has connections for one.
You seem to be confusing Static RAM (SRAM) and Dynamic RAM (DRAM). Both types are used in cell phones. DRAM is cheaper than SRAM and is used whenever access speed is not a critical factor. DRAM is not usable as non-volatile memory. The data contained in DRAM is lost when the chip has no power. There is no battery backup.
SRAM is used when faster memory is needed and to reduce power consumption. The SRAM memory in the cell phone is primarily used to store frequently accessed data and temporary variables generated by the baseband processing ASIC and for cache used by the CPU. When not in active use (standby mode), the contents are maintained with a very small amount of current. There is no battery backup to maintain contents while the phone is turned off.
I am not a cell phone expert but, apparently, a small coin battery is used to power the internal clock chip on the phone. I looked this up and I must say it is suspicious that the same text appears in innumerable web-sites. At any rate, such a battery cannot be used to power all the circuitry in the phone.
So, the question remains. Is the "off" setting on, at least some, phones a software, low power, setting or is everything really powered off. The NSA trick apparently requires "malware" to spoof the off setting while keeping the phone at least partially on.
Cyrus,
You mentioned that the response from the Santa Clara County Sheriffs office was that they did not have any ALPRs. The following is a response letter from the Milpitas Police Department to the ACLU. (Milpitas, for those not living here, is part of Santa Clara County) This letter is contained in a PDF file that comprises the response from Milpitas that were in answer to queries used to create the ACLU report. It is dated August 8, 2012
Over the past two months, the Milpitas Police Department has been working with the Santa Clara
County Sheriffs Office on delivering LPR data to the Sheriffs Office (SO) database. These
efforts have been to attempt to establish a connection with the SO with the intent to share data.
These efforts were a result of a verbal agreement and no Memorandum of Understanding exists.
This data has been shared with the SO information technology staff only for test purposes and is
not being delivered to their sworn field deputies.
So, while they claim not to have any ALPRs they do have a database.
Law enforcement agencies often share their ALPR databases with regional fusion centers. This practice is growing and is enabled by the adoption of a standardized format or back end by the handful of vendors involved. Even if a particular agency has a policy of deleting this information from their own database, the fusion centers will have their own policy which may well be: keep the data indefinitely. It is tempting for any agency to keep the data as it could help in solving some crime later wherein a suspect's vehicle may be already be tracked within the database.
From an EFF article:
In 2008, LAPD Police Chief Charlie Beck (then the agency’s chief of detectives) told GovTech Magazine that ALPRs have “unlimited potential” as an investigative tool. “It’s always going to be great for the black-and-white to be driving down the street and find stolen cars rolling around . . . . But the real value comes from the long-term investigative uses of being able to track vehicles—where they’ve been and what they've been doing—and tie that to crimes that have occurred or that will occur.” https://www.eff.org/deeplinks/2013/05/alpr
One of the reasons for using ALPR is to track vehicles surrounding critical infrastructure. In fact, one of the grants types used to fund purchases comes out of the National Infrastructure Protection Plan as put forth by the Department of Homeland Security. Law enforcement agencies get some of their hot lists of license plates to watch for from the federal government. You can imagine that this is a reciprocal arrangement and those agencies share their databases with either the Department of Homeland Security or agencies under the Department of Justice (e.g. FBI, DEA) or both.
The use of ALPRs has grown rapidly in the last 6 years. In their stationary form they are used for red-light cameras, crime prevention, bridges and toll roads, and traffic condition notifications. Mounted on a vehicle, they can scan parked cars and all the lanes of a highway,including traffic going in the opposite direction. The direction we are heading as a nation is yet another way for government and private companies to track everyone's movements.
This is already being done and law enforcement is purchasing the data from the private companies that collect it. The ACLU report has a section dealing with private databases containing ALPR scans. The main companies that do this are MVTrac and DRN (Digital Recognition Network) and its' partner NVLS (National Vehicle Location Service). The NVLS actually gets some of its' data from law enforcement databases as well as providing aggregated data back to law enforcement agencies.
As of September 2012 they had 800 million records. That number is probably over a billion today.
There are no laws restricting the sale of this information from private databases.
We could teach David Cameron how internet search, filters, and language works by doing the following. Associate his name with something particular to child porn in the same way that Rick Santorum's name is now associated with "a frothy mix of lube and fecal matter". When he finds out that searches on his own name get filtered I think the lesson will sink in.
I am not positive this is the entire story but my understanding is that Google's child porn database is essentially a list of hashes of known child porn files. Law enforcement and child protection organizations have compiled these hash databases and they are publicly available. No one at Google is viewing all the pictures or video files indexed by their spiders and deciding whether it is child porn or not. The known files are probably vetted via court cases as a defense attorney would challenge those not fitting the definition. These files are used by forensics experts to determine if a computer contains child porn images. There is no advantage to law enforcement to inflate the database with hashes that correlate with images that do not fit the legal definition of child porn.
Note that Google does have personnel vetting videos posted on YouTube for various things, but child porn postings there are unlikely.
Apart from the fallacy of his arguments, Hayden shows himself to be ignorant concerning, at least, one of the examples he gives. Ethel Rosenberg was mentioned in the Venona decrypts but those did not implicate her as being involved in passing secrets to the USSR whereas Julius Rosenberg was implicated. Her execution was a travesty of justice. The Venona decrypts have been declassified since 1995, yet Hayden still uses Ethel Rosenberg as an example of a spy.
Hayden did not mention Bill Weisband as an example of a spy. This is the man who worked for the Signals Intelligence Service (SIS, the precursor to the NSA), was also an NKVD agent, and told the Soviets about the Venona project. That information led the Soviets to change their encryption methods which meant basically not re-using one time pads, a classic cryptology mistake. Bill Weisband was never prosecuted for espionage Weisband escaped prosecution for espionage "as authorities feared that a trial would divulge yet more information to Soviet intelligence on U.S. intelligence "sources and methods"." (Wikipedia ref.)
It is not surprising that the NSA, given the moniker "No Such Agency", is obsessed with secrecy. Hayden thinks Snowden is the worst because he is the only on Hayden's list that released information specific to the NSA. Snowden's worst crime was betraying their culture of secrecy. Despite everything that Snowden has said about why he has leaked information and what he has but doesn't plan to leak, their secrecy culture and bureaucratic procedures forces them to assume that all the information he took is available to every foreign government and terrorist group. Living that culture of secrecy has warped Hayden's sense of reality so I am not surprised by his statements at all.
Now I understand why my car came with a valet key. That key could not open the glove compartment or the trunk. Valet keys will have to outlawed now like real locks on luggage.
The ACLU and EFF have a current lawsuit to gain access to 1 weeks worth of records in the LAPD and LA county sheriff's database. This is being done under the California Public Records Act. There is a San Leandro, California man who successfully got records relating to his own cars via a California Public Records Act request.
LAPD Police Chief Charlie Beck (then the agency’s chief of detectives) told GovTech Magazine that ALPRs have “unlimited potential” as an investigative tool. “It’s always going to be great for the black-and-white to be driving down the street and find stolen cars rolling around . . . . But the real value comes from the long-term investigative uses of being able to track vehicles—where they’ve been and what they've been doing—and tie that to crimes that have occurred or that will occur.”
The ACLU isn't asking for scanners to be banned. What is really important is limiting the retention of such records in a database. This is all the more important because it is common for an individual law enforcement agencies database to be merged into the database for a regional fusion center.
I must point out to you this is the same argument that the NSA is making. They collect data about everyone and stick it in a huge database but that's OK they say because we need a warrant or subpoena to access the database for any particular person. The problem is that this process lends itself too easily to abuse. Foxes guarding the hen-house.
All the aspects of security; confidentiality, data integrity, authentication, and non-repudiation can be added to any layer of the TCP/IP protocol stack. Yes, it was designed to be inherently a very open system without having security in mind. Over the years, the addition of security related protocols have made the possibility of true confidentiality in passing messages a reality. At the most basic level one could use PGP to encrypt messages end-to-end. If everyone used existing security protocols the NSA would not have anywhere near the capability they have today to monitor people's lives. Why do most people not bother? It is a bit inconvenient and maybe folk felt like it wasn't really necessary. It seemed paranoid and why bother if you didn't really have anything to hide. That is changing with the series of leaks from Snowden. A lot of people knew it was a possibility, but now, we've all been hit in the face with our lack of privacy on-line. One way of fighting this is for individuals to adopt the use of security protocols whenever they can. Another, perhaps more important, way to fight this is politically, to rein in the state paranoia and bring the government back under the constitution.
collecting data from connections 2-3 hops away is useful
Firstly, I am not defending the NSA's policy here, I think it is an atrocious invasion of privacy and degradation of liberty.
However, it does make sense to collect all that data. Let's suppose for a particular terrorist target you collect data on 10 million individuals. So, when the data mining software is set to not filter out any of this there is a huge useless set of results. The software can be set to filter out individuals with depending on the number of connections to the target and depending on the weighted value for types of connections. When you set the filters to a high enough threshold you should be able to get a manageable list of individuals. This is what connecting the dots means.
On the post: Prime Minister David Cameron: Google, Bing and Yahoo! 'Enable' Child Porn
Re: Re: Re: Google's Porn Database
In the US, at least, there are prosecutors who would say naturist magazines with children are child porn. I will avoid arguing whether that is true or not, but one has to be cautious about possessing such images considering it is such a hot-button topic. I have a photo of my grandfather holding me over his head when I was two years old. I was unclothed and it's a full-frontal view. Does that make me a pedophile because I still have that picture. No, but I won't be posting it on the internet.
On the post: Prime Minister David Cameron: Google, Bing and Yahoo! 'Enable' Child Porn
Re: Re: Re: Google's Porn Database
On the post: Even Powering Down A Cell Phone Can't Keep The NSA From Tracking Its Location
Re:
On the post: Even Powering Down A Cell Phone Can't Keep The NSA From Tracking Its Location
Re: Re: Cell phones
On the post: Even Powering Down A Cell Phone Can't Keep The NSA From Tracking Its Location
Re: Product Idea
On the post: Even Powering Down A Cell Phone Can't Keep The NSA From Tracking Its Location
Re: Re:
A lot of people commonly refer to ROM in cell phones but they are really using it as a lazy abbreviation for non-volatile memory. ROM, more precisely, cannot be written to after it has been programmed a single time. Cell phones use FLASH memory, and sometimes EEPROM as well, that can be re-written and does not require a battery to maintain memory contents. NOR FLASH has been used to store executable code as it is byte accessible and can execute code in place. However, the use of NOR FLASH is declining as NAND FLASH had been improved so that it can emulate NOR capabilities. NAND FLASH is used to store; firmware, OS code, configuration, application code and data, SMS messages, photos, and video. User generated data can be stored on FLASH based media cards if the phone has connections for one.
You seem to be confusing Static RAM (SRAM) and Dynamic RAM (DRAM). Both types are used in cell phones. DRAM is cheaper than SRAM and is used whenever access speed is not a critical factor. DRAM is not usable as non-volatile memory. The data contained in DRAM is lost when the chip has no power. There is no battery backup.
SRAM is used when faster memory is needed and to reduce power consumption. The SRAM memory in the cell phone is primarily used to store frequently accessed data and temporary variables generated by the baseband processing ASIC and for cache used by the CPU. When not in active use (standby mode), the contents are maintained with a very small amount of current. There is no battery backup to maintain contents while the phone is turned off.
I am not a cell phone expert but, apparently, a small coin battery is used to power the internal clock chip on the phone. I looked this up and I must say it is suspicious that the same text appears in innumerable web-sites. At any rate, such a battery cannot be used to power all the circuitry in the phone.
So, the question remains. Is the "off" setting on, at least some, phones a software, low power, setting or is everything really powered off. The NSA trick apparently requires "malware" to spoof the off setting while keeping the phone at least partially on.
On the post: License Plate Data Isn't 'Personally Identifiable' Until The Public Asks Police For Access To It
Re:
Cyrus,
You mentioned that the response from the Santa Clara County Sheriffs office was that they did not have any ALPRs. The following is a response letter from the Milpitas Police Department to the ACLU. (Milpitas, for those not living here, is part of Santa Clara County) This letter is contained in a PDF file that comprises the response from Milpitas that were in answer to queries used to create the ACLU report. It is dated August 8, 2012
Over the past two months, the Milpitas Police Department has been working with the Santa Clara
County Sheriffs Office on delivering LPR data to the Sheriffs Office (SO) database. These
efforts have been to attempt to establish a connection with the SO with the intent to share data.
These efforts were a result of a verbal agreement and no Memorandum of Understanding exists.
This data has been shared with the SO information technology staff only for test purposes and is
not being delivered to their sworn field deputies.
So, while they claim not to have any ALPRs they do have a database.
On the post: License Plate Data Isn't 'Personally Identifiable' Until The Public Asks Police For Access To It
National ALPR Database
From an EFF article:
In 2008, LAPD Police Chief Charlie Beck (then the agency’s chief of detectives) told GovTech Magazine that ALPRs have “unlimited potential” as an investigative tool. “It’s always going to be great for the black-and-white to be driving down the street and find stolen cars rolling around . . . . But the real value comes from the long-term investigative uses of being able to track vehicles—where they’ve been and what they've been doing—and tie that to crimes that have occurred or that will occur.”
https://www.eff.org/deeplinks/2013/05/alpr
One of the reasons for using ALPR is to track vehicles surrounding critical infrastructure. In fact, one of the grants types used to fund purchases comes out of the National Infrastructure Protection Plan as put forth by the Department of Homeland Security. Law enforcement agencies get some of their hot lists of license plates to watch for from the federal government. You can imagine that this is a reciprocal arrangement and those agencies share their databases with either the Department of Homeland Security or agencies under the Department of Justice (e.g. FBI, DEA) or both.
The use of ALPRs has grown rapidly in the last 6 years. In their stationary form they are used for red-light cameras, crime prevention, bridges and toll roads, and traffic condition notifications. Mounted on a vehicle, they can scan parked cars and all the lanes of a highway,including traffic going in the opposite direction. The direction we are heading as a nation is yet another way for government and private companies to track everyone's movements.
On the post: License Plate Data Isn't 'Personally Identifiable' Until The Public Asks Police For Access To It
Re: Citizens need to fight back with the same
As of September 2012 they had 800 million records. That number is probably over a billion today.
There are no laws restricting the sale of this information from private databases.
On the post: Prime Minister David Cameron: Google, Bing and Yahoo! 'Enable' Child Porn
a lesson for David Cameron
On the post: Prime Minister David Cameron: Google, Bing and Yahoo! 'Enable' Child Porn
Re: Google's Porn Database
Note that Google does have personnel vetting videos posted on YouTube for various things, but child porn postings there are unlikely.
On the post: Ex-CIA/NSA Boss Says Snowden Worse Than Every Spy From Benedict Arnold To The Rosenbergs
Hard to take Hayden seriously
Hayden did not mention Bill Weisband as an example of a spy. This is the man who worked for the Signals Intelligence Service (SIS, the precursor to the NSA), was also an NKVD agent, and told the Soviets about the Venona project. That information led the Soviets to change their encryption methods which meant basically not re-using one time pads, a classic cryptology mistake. Bill Weisband was never prosecuted for espionage Weisband escaped prosecution for espionage "as authorities feared that a trial would divulge yet more information to Soviet intelligence on U.S. intelligence "sources and methods"." (Wikipedia ref.)
It is not surprising that the NSA, given the moniker "No Such Agency", is obsessed with secrecy. Hayden thinks Snowden is the worst because he is the only on Hayden's list that released information specific to the NSA. Snowden's worst crime was betraying their culture of secrecy. Despite everything that Snowden has said about why he has leaked information and what he has but doesn't plan to leak, their secrecy culture and bureaucratic procedures forces them to assume that all the information he took is available to every foreign government and terrorist group. Living that culture of secrecy has warped Hayden's sense of reality so I am not surprised by his statements at all.
On the post: Google Being Pressured Into Crippling Self-Driving Cars
On the post: Google Being Pressured Into Crippling Self-Driving Cars
Re: Re:
On the post: TSA Now Searching Valet-Parked Vehicles, Utilizing A Crack Security Team Composed Of... Valets
valet key
On the post: ACLU Presents Its Findings On License Plate Scanners, Most Of Which Is Bad News
Re:
The ACLU and EFF have a current lawsuit to gain access to 1 weeks worth of records in the LAPD and LA county sheriff's database. This is being done under the California Public Records Act. There is a San Leandro, California man who successfully got records relating to his own cars via a California Public Records Act request.
On the post: ACLU Presents Its Findings On License Plate Scanners, Most Of Which Is Bad News
Re:
https://www.eff.org/deeplinks/2013/05/alpr
LAPD Police Chief Charlie Beck (then the agency’s chief of detectives) told GovTech Magazine that ALPRs have “unlimited potential” as an investigative tool. “It’s always going to be great for the black-and-white to be driving down the street and find stolen cars rolling around . . . . But the real value comes from the long-term investigative uses of being able to track vehicles—where they’ve been and what they've been doing—and tie that to crimes that have occurred or that will occur.”
The ACLU isn't asking for scanners to be banned. What is really important is limiting the retention of such records in a database. This is all the more important because it is common for an individual law enforcement agencies database to be merged into the database for a regional fusion center.
On the post: ACLU Presents Its Findings On License Plate Scanners, Most Of Which Is Bad News
Re: Another problem is
On the post: Ed Snowden Explains To Former Senator, Who Emailed In Support, That No Foreign Gov't Can Access His Documents
Re: Re: Re: Public Opinion
On the post: NSA Official Admits Agency's Surveillance Covers Even More People Than Previously Indicated
collecting data from connections 2-3 hops away is useful
However, it does make sense to collect all that data. Let's suppose for a particular terrorist target you collect data on 10 million individuals. So, when the data mining software is set to not filter out any of this there is a huge useless set of results. The software can be set to filter out individuals with depending on the number of connections to the target and depending on the weighted value for types of connections. When you set the filters to a high enough threshold you should be able to get a manageable list of individuals. This is what connecting the dots means.
Next >>