Tracking
Tracking technology and projects.

 



















 

 

  Wednesday, August 23, 2006


TrackMeNot Firefox Extension Obfuscates Your Search History.

As concerns about the privacy of one's search engine history steadily increase, various solutions have been offered to help avoid the wholesale surveillance and aggregation of one's search queries. While most solutions rely on attempts to cloak one's IP address, a new solution instead relies on obfuscation: TrackMeNot.

Developed by Daniel Howe and Helen Nissenbaum, TrackMeNot (TMN) is a Firefox extension (download here) that protects against search data profiling by issuing randomized queries to popular search-engines with fake data:

TrackMeNot runs in Firefox as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and MSN. It hides users' actual search trails in a cloud of indistinguishable 'ghost' queries, making it difficult, if not impossible, to aggregate such data into accurate or identifying user profiles.

The extension's log reveals some of the 'ghost' queries sent to the search engines:

[QUERY] engine=google | query='followups heartbeat' | 200 | Mon, 21 Aug 2006 19:46:20 GMT

[...]

[QUERY] engine=yahoo | query='trapping paywares' | 200 | Mon, 21 Aug 2006 19:48:04 GMT

A comment at BoingBoing notes that the size of the dictionary used by TMN is limited, and the two-word structure of the ghost queries (coupled with the fact that no clicked results are ever recorded) might make it easy for the techies at Google to filter the noise TMN is meant to introduce. Good points. In fact, the developers of TMN have been concerned with the limitations of the word list throughout the development of this tool (I know them both; in fact, Helen Nissenbaum is the chair of my dissertation committee). While the current word list allows for over 3 million different combinations, I've been told by the developers that "future versions will include a much larger (server-side) database of terms, dynamically queried by TMN during its operation." That's a good step towards making this important tool even more powerful.

(BTW, I was hoping Daniel Howe could demo TMN and present the underlying philosophy behind creating such a tool at the "Identity and Identification in a Networked World" symposium I'm co-organizing at NYU this fall. Unfortunately, other commitments will prevent Daniel's attendance, but Helen Nissenbaum will be on hand to demo and discuss the tool in his absence.)

[michaelzimmer.org]
11:30:09 AM    
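An added example, not part of the original post and not TrackMeNot's own code: a small audit a user could run over the extension's log to see how uniform the ghost queries are, which is the property the BoingBoing comment says makes them filterable. The function names are hypothetical, the two middle sample lines are constructed, and the word-list estimate assumes each query is an ordered pair drawn from one list.

```python
import math
import re
from collections import Counter
from email.utils import parsedate_to_datetime

# Log format as shown in the post; the quote character around the query may vary.
LINE_RE = re.compile(
    r"^\[QUERY\]\s+engine=(?P<engine>\w+)\s*\|\s*"
    r"query=['\u2018\u2019\"](?P<query>.*)['\u2018\u2019\"]\s*\|\s*"
    r"(?P<status>\d{3})\s*\|\s*(?P<when>.+)$"
)

# First and last lines come from the post; the middle two are constructed.
SAMPLE_LOG = """\
[QUERY] engine=google | query='followups heartbeat' | 200 | Mon, 21 Aug 2006 19:46:20 GMT
[QUERY] engine=aol | query='constructed sample' | 200 | Mon, 21 Aug 2006 19:46:55 GMT
[QUERY] engine=msn | query='another pair' | 200 | Mon, 21 Aug 2006 19:47:30 GMT
[QUERY] engine=yahoo | query='trapping paywares' | 200 | Mon, 21 Aug 2006 19:48:04 GMT
"""

def parse_line(line):
    """Return one parsed log entry, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        when = parsedate_to_datetime(m.group("when").strip())
    except (TypeError, ValueError):
        return None
    return {"engine": m.group("engine"), "words": m.group("query").split(),
            "status": int(m.group("status")), "when": when}

def uniformity_report(log_text):
    """Summarise how regular the ghost queries look in shape and timing."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    if not entries:
        return {"queries": 0}
    lengths = Counter(len(e["words"]) for e in entries)
    top_len, top_count = lengths.most_common(1)[0]
    times = sorted(e["when"] for e in entries)
    return {"queries": len(entries),
            "engines": sorted({e["engine"] for e in entries}),
            "dominant_word_count": top_len,
            "dominant_share": top_count / len(entries),
            "gaps_seconds": [(b - a).total_seconds() for a, b in zip(times, times[1:])]}

def min_wordlist_size(combinations):
    """Smallest N with N*N >= combinations (assumes ordered pairs from one list)."""
    return math.isqrt(combinations - 1) + 1

if __name__ == "__main__":
    print(uniformity_report(SAMPLE_LOG))
    print(min_wordlist_size(3_000_000))
```

A dominant share near 1.0 with near-constant gaps means every ghost query has the same shape and cadence; under the stated assumption, 3 million combinations corresponds to a list of well under two thousand words.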

US authorities had free rein over world's bank data.

Article 29 working party tackle SWIFT

The US Treasury programme of snooping on international banking transactions to track terrorist funding had unfettered access to the world's private financial details for anything up to five years.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
11:24:59 AM    

Neural Net Makes Eavesdropping Breakthrough.

Government-funded researchers have discovered a mathematical solution for separating a single voice from a multitude of other sounds and voices -- solving what scientists call the "cocktail party problem," and the rest of us know as Harry Caul's plight in The Conversation.

In research funded by the National Science Foundation and -- big surprise -- the National Security Agency, two math professors from the University of Missouri-Columbia and one from Siemens trained a neural network to reconstruct a voice in a crowd with greater accuracy than existing techniques.

"Theoretically, our solution says you should be able to pick up voices on a squeaky old microphone and then separate them all out so that you can hear what each person is saying in his or her own voice," said Peter Casazza, professor of mathematics in MU's College of Arts and Science. "This is a very old problem, and we have the first mathematical solution to it."

Interestingly, while they have a mathematical solution, they don't actually know the solution. It's locked inside the neural net, which, mimicking a human brain, can learn to do something without producing a usable algorithm. More from the press release:

Casazza and Dan Edidin, also a professor of mathematics at MU, worked with Radu Balan of Siemens Corporate Research to solve the problem. Their solution shows that it is possible to separate voices and still retain vocal characteristics. Researchers had previously found a solution for separating and reconstructing voices, but they were only able to reconstruct the words spoken, not the characteristics of the voice itself.

"Our solution is called 'signal reconstruction without noisy phase,'" Edidin said. "In speech recognition technology, a 'signal' could be a recording of 25 people in a room talking at the same time. Our solution shows that we can pull out each voice individually, not just with the words, but with the voice characteristics of each individual. We showed that this 'cocktail party problem' is mathematically solvable."

Although Casazza, Edidin and Balan do not have a computer program that can do this automatically, they hope to find a way to develop one. Currently, their solution runs on a computer, but the process cannot be easily replicated or distributed.

"The computer we use is doing the work without an algorithmic program. It uses a system called a neural net, which is designed for the computer to teach itself. Basically, it works on trial and error," Casazza said. "This isn't consistent and cannot be duplicated easily. We need to find a way to design an implementable algorithm that could do this consistently and quickly."

That's cool beyond belief. Maybe as a follow-up they'll train a computer to read lips and I can throw up a picture of HAL 9000. I just hope that before they turn this over to NSA they can teach the neural net to get a warrant.

Update: Yes, Ryan blogged the exact same thing at almost the exact same time. His has sound, but mine has Cindy Williams, so we're keeping both.

[27B Stroke 6]
11:22:19 AM    

United States and European authorities, looking for more tools to detect terrorist plots, want to expand the screening of international airline passengers by digging deep into a vast repository of airline itineraries, personal information and payment data.

A proposal by Homeland Security Secretary Michael Chertoff would allow the United States government not only to look for known terrorists on watch lists, but also to search broadly through the passenger itinerary data to identify people who may be linked to terrorists, he said in a recent interview.

Similarly, European leaders are considering seeking access to this same database, which contains not only names and addresses of travelers, but often their credit card information, e-mail addresses, telephone numbers and related hotel or car reservations.

"It forms part of an arsenal of tools which should be at least at the disposal of law enforcement authorities," Friso Roscam Abbing, a spokesman for Franco Frattini, vice president of the European Commission and the European commissioner responsible for justice and security, said Monday.

The proposals, prompted by the recent British bomb-plot allegations, have inspired a new round of protests from civil libertarians and privacy experts, who had objected to earlier efforts to plumb those repositories for clues.

"This is a confirmation of our warnings that once you let the camel's nose under the tent, it takes 10 minutes for them to want to start expanding these programs in all different directions," said Jay Stanley, a privacy expert at the American Civil Liberties Union.

The United States already has rules in place, and European states will have rules by this fall, allowing them to obtain basic passenger information commonly found in a passport, like name, nationality and date of birth. American officials are pressing to get this information, from a database called the Advance Passenger Information System, transmitted to them even before a plane takes off for the United States.

But a second, more comprehensive database known as the Passenger Name Record is created by global travel reservation services like Sabre, Galileo and Amadeus, companies that handle reservations for most airlines as well as for Internet sites like Travelocity.

Each time someone makes a reservation, a file is created, including the name of the person who reserved the flight and any others traveling in the party. The electronic file often also contains details on rental cars or hotels, credit card information relating to travel, contact information for the passenger and next of kin, and at times even personal preferences, like a request for a king-size bed in a hotel.

European authorities currently have no system in place to routinely gain access to this Passenger Name Record data. Mr. Frattini, his spokesman said, intends to propose that governments across Europe establish policies that allow them to tap into this data so they can quickly check the background of individuals boarding flights to Europe.

"It is not going to solve all our problems," Mr. Abbing said. "It is not going to stop terrorism. But you need a very comprehensive policy."


11:15:55 AM    

Gov Now Wants More Air Flyer Data, Redux.

Leveraging the arrests in Britain of 11 people who allegedly plotted to bring down airliners flying from the UK to the United States, the Department of Homeland Security is intending to renew its efforts to get deeper access to travel databases, both foreign and domestic.

This story is getting old, perhaps as old as the stories about babies, nuns, terror fighters and Congressmen being snagged by watchlists.

I wrote my first one of these in January 2003, nearly three and a half years ago. That one is not much different from today's New York Times story.

A proposal by Homeland Security Secretary Michael Chertoff would allow the United States government not only to look for known terrorists on watch lists, but also to search broadly through the passenger itinerary data to identify people who may be linked to terrorists, he said in a recent interview.

Similarly, European leaders are considering seeking access to this same database, which contains not only names and addresses of travelers, but often their credit card information, e-mail addresses, telephone numbers and related hotel or car reservations.[...]

The proposals, prompted by the recent British bomb-plot allegations, have inspired a new round of protests from civil libertarians and privacy experts, who had objected to earlier efforts to plumb those repositories for clues.

"This is a confirmation of our warnings that once you let the camel's nose under the tent, it takes 10 minutes for them to want to start expanding these programs in all different directions," said Jay Stanley, a privacy expert at the American Civil Liberties Union.

The United States already has rules in place, and European states will have rules by this fall, allowing them to obtain basic passenger information commonly found in a passport, like name, nationality and date of birth. American officials are pressing to get this information, from a database called the Advance Passenger Information System, transmitted to them even before a plane takes off for the United States.

But a second, more comprehensive database known as the Passenger Name Record is created by global travel reservation services like Sabre, Galileo and Amadeus, companies that handle reservations for most airlines as well as for Internet sites like Travelocity.

Each time someone makes a reservation, a file is created, including the name of the person who reserved the flight and any others traveling in the party. The electronic file often also contains details on rental cars or hotels, credit card information relating to travel, contact information for the passenger and next of kin, and at times even personal preferences, like a request for a king-size bed in a hotel.

Actually, PNRs aren't a database, they are entries in databases that are linked together. In fact, the travel database system is likely the second biggest interconnected set of computers in the world.

Very little is required in a PNR, though it can hold a lot, ranging from the credit card you used to buy the ticket, to the names of all of your travelling companions, your travel agent's name and medical problems you may have.

What we are seeing in this New York Times story is the Department of Homeland Security laying the groundwork for the upcoming announcement of the newest version of a domestic internal passport check, called Secure Flight.

The program will likely:

  1. require you to provide your name, address, date of birth and telephone number, under penalty of perjury, whenever you book an airline reservation,
  2. use commercial data services such as ChoicePoint, Acxiom or LexisNexis to gather more information on you,
  3. explicitly require passengers to show identification, and
  4. seek to keep your travel history or get it from the reservation services that host most airlines' records.

There's a whole host of reasons why this may be overkill, too expensive for airlines and the travel industry and likely ineffective at stopping a would-be terrorist (Carnival Booth, the Slate method and identity theft, (pdf)).

But the government will say their intention is simply to cross-check this data with terrorist watch lists and that it will be better than the current system.

At least that's what they will publicly tell you that the program is intended for.

They may well have other plans to use the data or feed a copy to the FBI or NSA.

That's not paranoia, because the previous iteration of the program -- killed off after the Transportation Security Administration admitted to misleading both Congress and the media about secretly using millions of travel records to test their theories -- had a secret purpose.

I can't tell you what it is, but I can prove to you it existed.

[27B Stroke 6]


11:10:38 AM    

Lauren Weinstein Calls for Search Privacy Working Group.

Lauren Weinstein, co-founder of People For Internet Responsibility and the moderator of the PRIVACY Forum, has made an impassioned call for the formation of a working group to tackle the issue of search engine history data retention, mining and sharing policies:

Participation by all stakeholders would be invited. Representatives of the major search engine firms and concerned government agencies, outside technologists and other persons involved in privacy and search issues, and other entities as appropriate, would all play important roles.

Of course, it's easy -- especially for large corporate enterprises -- to simply ignore such efforts and just plow ahead independently. Obviously, without the participation of the key players, the effort that I'm proposing would be useless, and I will not continue to promote it if that situation ensues.

However, I suggest that it will be in the long-term best interests, both financially and in terms of corporate and organizational responsibility, for major stakeholders to actively join such a project, since the alternative seems ever more likely to be somewhere between highly disruptive and extremely draconian.

If interested, let him know.

[michaelzimmer.org]
10:55:49 AM    


© Copyright 2006 Paul Hardwick.
Last update: 9/2/06; 4:26:57 AM.
