I’ve always been of the opinion that people over concerned with surveillance and data security are displaying the first stages of clinical paranoia. It’s well known, for those that care to look, that the UK police and military have in their possession technology which enables them to track individuals movements visually and electronically (think of google maps ++), trace your behaviour (spending, travelling, health, political persuasion), listen in to conversations and so-on – our only real defence against this intrusion has been the plod/MOD’s incompetence at cross referencing and interpreting the mass of data they’ve so carefully collated.
Britain is one of the world’s most surveyed society; It is estimated (2002 figures) that the United Kingdom is watched by over 4.2 million CCTV cameras. This equates to one camera for every fourteen people; each UK subject is recorded on average by up to three hundred cameras a day. Surveillance has become part of our lives; we’ve become used to accepting surveillance as a shield against crime and terrorism, sacrificing our privacy for the apparent greater good. However a recent trend is the movement of commercial organisation into the field of surveillance and “dataveillance” – using similar unregulated techniques and technologies global corporations are starting to watch you. Is it time to get paranoid?
When the £1.6bn Westfield shopping centre opened in London recently tens of thousands people rushed through the shiny glass gates responding it seems to our leaders exhortations to spend more and save the collapsing British economy (isn’t spending money we don’t have how we got into this mess in the first place?). During the consumption frenzy few if any would realise that the shopping centre is, without their consent or knowledge, tracking their behaviour and movements.
‘Path technology’ a Portsmouth (UK) based company specialising in consumer tracking and monitoring has developed ‘footpath’ a commercially available system that invisibly monitors behaviour:
“Path Intelligence provides FootPath™, the only automated measurement technology that can continuously monitor the path that your shoppers or passengers take”
Path intelligence Antenna box
The system monitors continuous signals from mobile phones (even when the phone is inactive) and triangulates the individuals position from a set of receivers installed in the building:
“The Path Intelligence FootPath™ system consists of a small number of discreet monitoring units installed throughout the centre. These units calculate the movement of consumers without requiring the shopper to wear or carry any special equipment.
The units measure signals from the consumers’ mobile phones using unique technology that can locate a consumer’s position to within 1-2m. The units feed this data (24 hours a day, 7 days a week) to a processing centre where the data is audited and sophisticated statistical analysis is applied to create continuously updated information on the flow of shoppers through the centre. At anytime the shopping centre management can access the data via PI’s secure web-based reporting system. The FootPath™ technology is the only system available on the market today that can gather information on shopper paths continuously and accurately.FootPath™ can be installed in one centre or across a portfolio, providing you with quantifiable information to monitor your centre and assess the impact of your business decisions.”
Once collected this data can be cross referenced with credit card activity, oyster card use (London’s RFID based travel card), general traffic surveillance, facial recognition devices, DNA databases, internet activity (remember the facebook CIA fiasco?), loyalty cards and a plethora of other techniques to build up a complex, detailed and ever-growing behavioural picture. All of this tracking is done without the individuals knowledge or consent. The collated data is sold to commercial organisations to help them target advertising, develop products, modify the layout of their stores and monitor the results of marketing campaigns. The same data can also made available to the police, military and local councils for use in fighting crime, benefit fraud, the ongoing ‘war on terror’ and any other use they think is relevant.
Studies indicate that surveillance and CCTV surveillance in particular is ineffective against crime. It has been suggested that the real reason for the establishment of such a surveillance culture in the UK is to create a climate of fear and mistrust where individuals are compelled to submit to authority through the so called ‘glass house effect’; if you are not guilty of anything you have nothing to fear from surveillance – with the logical conclusion that avoiding surveillance is an admission of guilt and therefore a justifiable target for increased scrutiny.
Techniques for countering and disrupting commercial and state surveillance
Surveillance data is used by commercial and state organisation to try and predict behaviour – whether it is deciding which kitchen worktop from Ikea or whether to throw a petrol bomb at the Israeli embassy. A way of countering this data collection is to de-value the data at source by introducing noise. this can be done by introducing as much unpredictable behaviour into your everyday movements and by distorting the collection of data.
- Disrupt data collection of purchasing activity by creating irregular credit card activity i.e. use cash for a month and card for the next in irregular patterns.
- When travelling by public transport use multiple travel cards, oyster cards or share oyster cards with friends.
- Create multiple non existent identities for loyalty card schemes, online presence and anywhere where low level identity checks are required and when asked for profile information from commercial organisations.
- Use keywords in innocuous electronic communication to trigger ECHELON keyword surveillance.( ECHELON is the name given to a signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory states to the UK-USA Security Agreement (Australia, Canada, New Zealand, the United Kingdom, and the United States, known as AUSCANZUKUS). It has also been described only as the software system which controls the download and dissemination of the intercept of commercial satellite trunk communications – wikipedia). A comprehensive keyword list is available at the bottom of the page…
Disappearing off the map: Avoiding Surveillance
Mobile Phone Tracking
MobileActive.org, “a community of people and organizations using mobile phones for social impact” have written a primer detailing techniques on becoming invisible to mobile networks. the primer is intended for NGOs operating in the developing world but is equally applicable to the UK. The full text is available here and a basic primer on mobile phone security here
- Use a pre-paid SIM card
- Buy a SIM card just for the specific project and dispose of it afterwards.
- Make it routine to delete the information on your phone. Check the settings on the phone to see if can be set to not store call logs and outgoing SMS.
- If your conversation is sensitive, don’t discuss it on the phone and consider taking the battery out of any phones in your vicinity.
- Consider turning the phone off at certain times in your journey. Move the phone to places that it can be established you are not at so that all activity on the phone is not linked to you.
- If you suspect that messages are monitored use agreed innocuous words in your message
- ·If in doubt, turn it off.
If you are particularly worried about being identified as the owner of a specific phone or SIM card (remember, both have a unique identifier that is transmitted when the phone is on the network) you need to be careful not be be identified when buying or using the phone.
- Make your purchase in a shop away from where you live so that the seller is unable to identify you, so consider the trail you leave and don’t use a credit card or a traceable email address.
- Avoid places that are likely to have CCTV – town centres, malls and larger chain stores are obvious examples
- Do not giving your real details if asked. Many shop do ask for your details, but not proof of ID. Check whether you have a legal obligation to provide any details at all.
- Get the simplest phone you need, avoiding extra features unless necessary. For calls and SMS only, get a bottom of the range phone. If you want to use additional encryption software though, consider a Java-enabled phone, which is able to run encryption software provided by third parties.
- Do not buy a phone in a deal that locks you into a contract with a particular operator. Always ask for the phone on pay-as-you-go, even if this is much more expensive.
- Do not register the phone – in many countries there is no legal obligation to do so (though some countries require SIM registration or track identification when you buy a SIM card)
- Buy top-up vouchers to load credit onto the phone. When buying the vouchers, follow the same rules as for buying the phone: avoid CCTV, pay cash, don’t give out your details. Do not buy a top-up card, if available – this allows all the topups to be traced to a single user.
- Travelling on public transport is far safer than by car. Car number plates are continually monitored by CCTV cameras and automatic recognition systems.
- Pay for travel with cash
- Change routes to the same destination and avoid using repeat routes.
- Avoid camera identification by sticking to crowds. Alter your physical appearance so you blend in. (tip for our anarchist comrades: the all-over black, boots and mask is a timeless and striking look, a statement of solidarity etc. but is also a gift for the powers that be when it comes to surveillance or the cops during a riot)
- Assume that all public transport vehicles have CCTV installed
- Most CCTV systems use nightvision technologies – travelling at night does not improve anonymity – it attracts attention from surveillance cameras.
Disrupting State and Commercial Surveillance
1. CCTV Camera Zapping
“Camera zapping is possible because cameras are not perfect machines. Two such imperfections are blooming and lens flare. Blooming is the technical term for when a portion of the camera’s sensor is overloaded, resulting in “leakage” to neighboring regions. For example, a candle in an otherwise dark setting may cause blobs or “comet tails” around the flame. Many video cameras today advertise “anti-blooming” capabilities, but it’s ultimately a matter of degree. Most can indeed handle a candle light without blooming but almost certainly not direct sunlight.”
2. Attacking CCTV cameras
Techniques include ‘bagging’ – covering the camera with a glue filled plastic bag, blinding with paint, tape etc, cutting cables or simply smashing:
Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charges, ambush, sniping, motorcade, IRS, BATF, jtf-6, mjtf, hrt, srt, hostages, munitions, weapons, TNT, rdx, amfo, hmtd, picric acid, silver nitrite, mercury fulminate, presidential motorcade, salt peter, charcoal, sulfur, c4, composition b, amatol, petn, lead azide, lead styphante, ddnp, tetryl, nitrocellulose, nitrostarch, mines, grenades, rockets, fuses, delay mechanism, mortars, rpg7, propellants, incendiaries, incendiary device, thermite, security forces, intelligence, agencies, hrt, resistance, psyops, infiltration, assault team, defensive elements, evasion, detection, mission, communications, the football, platter charge, shaped charges, m118, claymore, body armor, charges, shrapnel, timers, timing devices, boobytraps, detcord, pmk 40, silencers, Uzi, HK-MP5, AK-47, FAL, Jatti, Skorpion MP, teflon bullets, cordite, napalm, law, Stingers, RPK, SOCIMI 821 SMG, STEN, BAR, MP40, HK-G3,FN-MAG, RPD,PzB39, Air Force One, M60, RPK74, SG530, SG540, Galil arm, Walther WA2000, HK33KE, Parker-Hale MOD. 82, AKR, Ingram MAC10, M3, L34A1, Walther MPL, AKS-74, HK-GR6, subsonic rounds, ballistic media, special forces, JFKSWC, SFOD-D! , SRT, Rewson, SAFE, Waihopai, INFOSEC, ASPIC, Information Security, SAI, Information Warfare, IW, IS, Privacy, Information Terrorism, Kenya, Terrorism Defensive Information, Defense Information Warfare, Offensive Information, Offensive Information Warfare, NAIA, SAPM, ASU, ECHELON ASTS, National Information Infrastructure, InfoSec, SAO, Reno, Compsec, JICS, Computer Terrorism, Firewalls, Secure Internet Connections, RSP, ISS, JDF, Passwords, NAAP, DefCon V, RSO, Hackers, Encryption, ASWS, Espionage, USDOJ, NSA, CIA, S/Key, SSL, FBI, Secret Service, USSS, Defcon, Military, White House, Undercover, NCCS, Mayfly, PGP, SALDV, PEM, resta, RSA, Perl-RSA, MSNBC, bet, AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN, 3B2, BITNET, Tanzania, SAMU, COSMOS, DATTA, E911, FCIC, HTCIA, IACIS, UT/RUS, JANET, ram, JICC, ReMOB, LEETAC, UTU, VNET, BRLO, SADCC, NSLEP, SACLANTCEN, FALN, 877, NAVELEXSYSSECENGCEN, BZ, CANSLO, CBNRC, CIDA, JAVA, rsta, Awarehouse, Active X, Compsec 97, RENS, LLC, DERA, JIC, ri! p, rb, Wu, RDI, Mavricks, BIOL, Meta-hackers, ^?, SADT, Steve Case, Tools, RECCEX, Telex, OTAN, monarchist, NMIC, NIOG, IDB, MID/KL, NADIS, NMI, SEIDM, BNC, CNCIS, STEEPLEBUSH, RG, BSS, DDIS, mixmaster, BCCI, BRGE, SARL, Military Intelligence, JICA, Scully, recondo, Flame, Infowar, Bubba, Freeh, Donaldson, Archives, ISADC, CISSP, Sundevil, jack, Investigation, JOTS, ISACA, NCSA, ASVC, spook words, RRF, 1071, Bugs Bunny, Verisign, Secure, ASIO, Lebed, ICE, NRO, Lexis-Nexis, NSCT, SCIF, FLiR, JIC, bce, Lacrosse, Bunker, Flashbangs, HRT, IRA, EODG, DIA, USCOI, CID, BOP, FINCEN, FLETC, NIJ, ACC, AFSPC, BMDO, site, SASSTIXS, NAVWAN, NRL, RL, NAVWCWPNS, NSWC, USAFA, AHPCRC, ARPA, SARD, LABLINK, USACIL, SAPT, USCG, NRC, ~, O, NSA/CSS, CDC, DOE, SAAM, FMS, HPCC, NTIS, SEL, USCODE, CISE, SIRC, CIM, ISN, DJC, bemd, SGC, UNCPCJ, CFC, SABENA, DREO, CDA, SADRS, DRA, SHAPE, bird dog, SACLANT, BECCA, DCJFTF, HALO, SC, TA SAS, Lander, GSM, T Branch, AST, SAMCOMM, HAHO, FKS, 868, GCHQ, DITSA, S! ORT, AMEMB, NSG, HIC, EDI, benelux, SAS, SBS, SAW, UDT, EODC, GOE, DOE, SAMF, GEO, JRB, 3P-HV, Masuda, Forte, AT, GIGN, Exon Shell, radint, MB, CQB, CONUS, CTU, RCMP, GRU, SASR, GSG-9, 22nd SAS, GEOS, EADA, SART, BBE, STEP, Echelon, Dictionary, MD2, MD4, MDA, diwn, 747, ASIC, 777, RDI, 767, MI5, 737, MI6, 757, Kh-11, EODN, SHS, ^X, Shayet-13, SADMS, Spetznaz, Recce, 707, CIO, NOCS, Halcon, NSS, Duress, RAID, Uziel, wojo, Psyops, SASCOM, grom, NSIRL, D-11, SERT, VIP, ARC, S.E.T. Team, NSWG, MP5k, SATKA, DREC, DEVGRP, DF, DSD, FDM, GRU, LRTS, SIGDEV, NACSI, MEU/SOC,PSAC, PTT, RFI, ZL31, SIGDASYS, TDM, SUKLO, SUSLO, TELINT, fake, TEXTA, ELF, LF, MF, SIGS, VHF, Recon, peapod, PA598D28, Spall, dort, 50MZ, 11Emc Choe, SATCOMA, UHF, SHF, ASIO, SASP, WANK, Colonel, domestic disruption, 5ESS, smuggle, Z- 200, 15kg, UVDEVAN, RFX, nitrate, OIR, Pretoria, M-14, enigma, Bletchley Park, Clandestine, NSO, nkvd, argus, afsatcom, CQB, NVD, Counter Terrorism Security, SARA, Rapid Reaction, JSOF! C3IP, Corporate Security, Police, sniper, PPS, ASIS, ASLET, TSCM, Security Consulting, M-x spook, Z-150T, High Security, Security Evaluation, Electronic Surveillance, MI-17, ISR, NSAS, Counterterrorism, real, spies, IWO, eavesdropping, debugging, CCSS, interception, COCOT, NACSI, rhost, rhosts, ASO, SETA, Amherst, Broadside, Capricorn, NAVCM, Gamma, Gorizont, Guppy, NSS, rita, ISSO, submiss, ASDIC, .tc, 2EME REP, FID, 7NL SBS, tekka, captain, 226, .45, nonac, .li, Ionosphere, Mole, Keyhole, NABS, Kilderkin, Artichoke, Badger, Emerson, Tzvrif, SDIS, T2S2, STTC, DNR, NADDIS, NFLIS, CFD, quarter, Cornflower, Daisy, Egret, Iris, JSOTF, Hollyhock, Jasmine, Juile, Vinnell, B.D.M., Sphinx, Stephanie, Reflection, Spoke, Talent, Trump, FX, FXR, IMF, POCSAG, rusers, Covert Video, Intiso, r00t, lock picking, Beyond Hope, LASINT, csystems, .tm, passwd, 2600 Magazine, JUWTF, Competitor, EO, Chan, Pathfinders, SEAL Team 3, JTF, Nash, ISSAA, B61-11, Alouette, executive, Event Security,! Mace, Cap-Stun, stakeout, ninja, ASIS, ISA, EOD, Oscor, Merlin, NTT, SL-1, Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time, MSEE, Cable & Wireless, CSE, SUW, J2, Embassy, ETA, Fax, finks, Fax encryption, white noise, Fernspah, MYK, GAFE, forcast, import, rain, tiger, buzzer, N9, pink noise, CRA, M.P.R.I., top secret, Mossberg, 50BMG, Macintosh Security, Macintosh Internet Security, OC3, Macintosh Firewalls, Unix Security, VIP Protection, SIG, sweep, Medco, TRD, TDR, Z, sweeping, SURSAT, 5926, TELINT, Audiotel, Harvard, 1080H, SWS, Asset, Satellite imagery, force, NAIAG, Cypherpunks, NARF, 127, Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit, FLAME, JTF-6, AVN, ISSSP, Anonymous, W, Sex, chaining, codes, Nuclear, 20, subversives, SLIP, toad, fish, data havens, unix, c, a, b, d, SUBACS, the, Elvis, quiche, DES, 1*, NATIA, NATOA, sneakers, UXO, (), OC-12, counterintelligence, Shaldag, sport, NASA, TWA, DT, gtegsc, owhere, .ch, hope, emc, industr! ial espionage, SUPIR, PI, TSCI, spookwords, industrial intelligence, H.N.P., SUAEWICS, Juiliett Class Submarine, Locks, qrss, loch, 64 Vauxhall Cross, Ingram Mac-10, wwics, sigvoice, ssa, E.O.D., SEMTEX, penrep, racal, OTP, OSS, Siemens, RPC, Met, CIA-DST, INI, watchers, keebler, contacts, Blowpipe, BTM, CCS, GSA, Kilo Class, squib, primacord, RSP, Z7, Becker, Nerd, fangs, Austin, no|d, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, BROMURE, ANC, zone, SBI, DSS, S.A.I.C., Minox, Keyhole, SAR, Rand Corporation, Starr, Wackenhutt, EO, burhop, Wackendude, mol, Shelton, 2E781, F-22, 2010, JCET, cocaine, Vale, IG, Kosovo, Dake, 36,800, Hillal, Pesec, Hindawi, GGL, NAICC, CTU, botux, Virii, CCC, ISPE, CCSC, Scud, SecDef, Magdeyev, VOA, Kosiura, Small Pox, Tajik, +=, Blacklisted 411, TRDL, Internet Underground, BX, XS4ALL, wetsu, muezzin, Retinal Fetish, WIR, Fetish, FCA, Yobie, forschung, emm, ANZUS, Reprieve, NZC-332, edition, cards, mania, 701, CTP, CATO, Phon- e, Chicago! Posse, NSDM, l0ck, spook, keywords, QRR, PLA, TDYC, W3, CUD, CdC, Weekly World News, Zen, World Domination, Dead, GRU, M72750, Salsa, 7, Blowfish, Gorelick, Glock, Ft. Meade, NSWT, press- release, WISDIM, burned, Indigo, wire transfer, e-cash, Bubba the Love Sponge, Enforcers, Digicash, zip, SWAT, Ortega, PPP, NACSE, crypto-anarchy, AT&T, SGI, SUN, MCI, Blacknet, SM, JCE, Middleman, KLM, Blackbird, NSV, GQ360, X400, Texas, jihad, SDI, BRIGAND, Uzi, Fort Meade, *&, gchq.gov.uk, supercomputer, bullion, 3, NTTC, Blackmednet, :, Propaganda, ABC, Satellite phones, IWIS, Planet-1, ISTA, rs9512c, South Africa, Sergeyev, Montenegro, Toeffler, Rebollo, sorot, cryptanalysis, nuclear, 52 52 N – 03 03 W, Morgan, Canine, GEBA, INSCOM, MEMEX, Stanley, FBI, Panama, fissionable, Sears Tower, NORAD, Delta Force, SEAL, virtual, WASS, WID, Dolch, secure shell, screws, Black-Ops, O/S, Area51, SABC, basement, ISWG, $ @, data-haven, NSDD, black-bag, rack, TEMPEST, Goodwin, rebels, ID, MD5, ID! EA, garbage, market, beef, Stego, ISAF, unclassified, Sayeret Tzanhanim, PARASAR, Gripan, pirg, curly, Taiwan, guest, utopia, NSG, orthodox, CCSQ, Alica, SHA, Global, gorilla, Bob, UNSCOM, Fukuyama, Manfurov, Kvashnin, Marx, Abdurahmon, snullen, Pseudonyms, MITM, NARF, Gray Data, VLSI, mega, Leitrim, Yakima, NSES, Sugar Grove, WAS, Cowboy, Gist, 8182, Gatt, Platform, 1911, Geraldton, UKUSA, veggie, XM, Parvus, NAVSVS, 3848, Morwenstow, Consul, Oratory, Pine Gap, Menwith, Mantis, DSD, BVD, 1984, blow out, BUDS, WQC, Flintlock, PABX, Electron, Chicago Crust, e95, DDR&E, 3M, KEDO, iButton, R1, erco, Toffler, FAS, RHL, K3, Visa/BCC, SNT, Ceridian, STE, condor, CipherTAC-2000, Etacs, Shipiro, ssor, piz, fritz, KY, 32, Edens, Kiwis, Kamumaruha, DODIG, Firefly, HRM, Albright, Bellcore, rail, csim, NMS, 2c, FIPS140-1, CAVE, E-Bomb, CDMA, Fortezza, 355ml, ISSC, cybercash, NAWAS, government, NSY, hate, speedbump, joe, illuminati, BOSS, Kourou, Misawa, Morse, HF, P415, ladylove, fi! lofax, Gulf, lamma, Unit 5707, Sayeret Mat’Kal, Unit 669, Sayeret Golani, Lanceros, Summercon, NSADS, president, ISFR, freedom, ISSO, walburn, Defcon VI, DC6, Larson, P99, HERF pipe-bomb, 2.3 Oz., cocaine, $, impact, Roswell, ESN, COS, E.T., credit card, b9, fraud, ST1, assassinate, virus, ISCS, ISPR, anarchy, rogue, mailbomb, 888, Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone, BATF, SGDN, Nike, WWSV, Atlas, IWWSVCS, Delta, TWA, Kiwi, PGP 2.6.2., PGP 5.0i, PGP 5.1, siliconpimp, SASSTIXS, IWG, Lynch, 414, Face, Pixar, IRIDF, NSRB, eternity server, Skytel, Yukon, Templeton, Johohonbu, LUK, Cohiba, Soros, Standford, niche, ISEP, ISEC, 51, H&K, USP, ^, sardine, bank, EUB, USP, PCS, NRO, Red Cell, NSOF, Glock 26, snuffle, Patel, package, ISI, INR, INS, IRS, GRU, RUOP, GSS, NSP, SRI, Ronco, Armani, BOSS, Chobetsu, FBIS, BND, SISDE, FSB, BfV, IB, froglegs, JITEM, SADF, advise, TUSA, LITE, PKK, HoHoCon, SISMI, ISG, FIS, MSW, Spyderco, UOP, SSCI, NIMA, HAMASMOIS, SVR, SIN, advisors, SAP, Monica, OAU, PFS, Aladdin, AG, chameleon man, Hutsul, CESID, Bess, rail gun, .375, Peering, CSC, Tangimoana Beach, Commecen, Vanuatu, Kwajalein, LHI, DRM, GSGI, DST, MITI, JERTO, SDF, Koancho, Blenheim, Rivera, Kyudanki, varon, 310, 17, 312, NB, CBM, CTP, Sardine, SBIRS, jaws, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut, SONANGOL, Flu, &, Loin, PGP 5.53, meta, Faber, SFPD, EG&G, ISEP, blackjack, Fox, Aum, AIEWS, AMW, RHL, Baranyi, WORM, MP5K-SD, 1071, WINGS, cdi, VIA, DynCorp, UXO, Ti, WWSP, WID, osco, Mary, honor, Templar, THAAD, package, CISD, ISG, BIOLWPN, JRA, ISB, ISDS, chosen, LBSD, van, schloss, secops, DCSS, DPSD, LIF, PRIME, SURVIAC, telex, SP4, Analyzer, embassy, Golf, B61-7, Maple, Tokyo, ERR, SBU, Threat, JPL, Tess, SE, EPL, SPINTCOM, ISS-ADP, Merv, Mexico, SUR, SO13, Rojdykarna, airframe, 510, EuroFed, Avi, shelter, Crypto AG.