Advanced Surveillance Technology

Radio Frequency Identification (RFID)

Radio Frequency Identification (RFID) tagging is the use of very small electronic devices (called 'RFID tags') which are applied to or incorporated into a product, animal, or person for the purpose of identification and tracking using radio waves. The tags can be read from several meters away. They are extremely cheap, costing a few cents a piece, so they can be inserted into many types of everyday products without significantly increasing the price, and can be used to track and identify these objects for a variety of purposes.

Many companies are already "tagging" their workers, who are monitored while on the job. Workers in U.K. went on general strike in protest of having themselves tagged. They felt that it was dehumanizing to have all of their movements tracked with RFID chips. Some critics have expressed fears that people will soon be tracked and scanned everywhere they go.





Micro Air Vehicle

Micro Air Vehicle with attached surveillance camera.
HART program concept drawing from official IPTO (DARPA) official website.

Aerial surveillance is the gathering of surveillance, usually visual imagery or video, from an airborne vehicle—such as a unmanned aerial vehicle, helicopter, or spy plane.

Digital imaging technology, miniaturized computers, and numerous other technological advances over the past decade have contributed to rapid advances in aerial surveillance hardware such as micro-aerial vehicles, forward-looking infrared, and high-resolution imagery capabale of identifying objects at extremely long distances. For instance, the MQ-9 Reaper, a U.S. drone plane currently used for domestic operations by the Department of Homeland Security, carries cameras that are capable of identifying an object the size of a milk carton from altitudes of 60,000 feet, and has forward-looking infrared devices that can detect the heat from a human body at distances of up to 60 kilometers.

Key Provisions of the USA Patriot Act

Section 201 -- Gives federal officials the authority to
   intercept wire, spoken and electronic communications
   relating to terrorism.

Section 202 -- Gives federal officials the authority to
   intercept wire, spoken and electronic communications
   relating to computer fraud and abuse offenses.

Subsection 203(b) -- Permits the sharing of grand jury
   information that involves foreign intelligence or
   counterintelligence with federal law enforcement,
   intelligence, protective,immigration, national
   defense or national security officials.

Subsection 203(d) -- Gives foreign intelligence or
   counterintelligence officers the ability to share
   foreign intelligence information obtained as part
   of a criminal investigation with law enforcement.

Section 204 -- Makes clear that nothing in the law
   regarding pen registers -- an electronic device
   which records all numbers dialed from a particular
   phone line -- stops the government's ability to
   obtain foreign intelligence information.

Section 206 -- Allows federal officials to issue roving
   "John Doe" wiretaps, which allow investigators to
   listen in on any telephone and tap any computer they
   think a suspected spy or terrorist might use.

Section 207 -- Increases the amount of time that federal
   officials may watch people they suspect are spies or
   terrorists.

Section 209 -- Permits the seizure of voicemail messages
   under a warrant.

Section 212 -- Permits Internet service providers and
   other electronic communication and remote computing
   service providers to hand over records and e-mails
   to federal officials in emergency situations.

Section 214 -- Allows use of a pen register or trap and
   trace devices that record originating phone numbers
   of all incoming calls in international terrorism or
   spy investigations.

Section 215 -- Authorizes federal officials to obtain
   "tangible items" like business records, including
   those from libraries and bookstores,for foreign
   intelligence and international terrorism
   investigations.

Section 217 -- Makes it lawful to intercept the wire or 
   electronic communication of a computer hacker or
   intruder in certain circumstances.

Section 218 -- Allows federal officials to wiretap or
   watch suspects if foreign intelligence gathering is
   a "significant purpose" for seeking a Federal
   Intelligence Surveillance Act order. The pre-Patriot
   Act standard said officials could ask for the
   surveillance only if it was the sole or main purpose.

Section 220 -- Provides for nationwide service of search
   warrants for electronic evidence.

Section 223 -- Amends the federal criminal code to provide
   for administrative discipline of federal officers or
   employees who violate prohibitions against unauthorized
   disclosures of information gathered under this act.

Section 225 -- Amends FISA to prohibit lawsuits against
   people or companies that provide information to federal
   officials for a terrorism investigation.

Source:(www.mail-archive.com/infowarrior@g2-forward.org/msg01814.html)

What is privacy protection and the Law?

Privacy protection

Approaches to privacy can, broadly, be divided into two categories: free market and consumer protection. In a free market approach, commercial entities are largely allowed to do what they wished, with the expectation that the consumers will choose to do the business with the corporations that respect the privacy to a desired degree. If some companies are not sufficiently respectful of privacy, they will lose market share. Such an approach may be limited by lack of competition in the market, by enterprises not offering privacy options favorable to the user, or by lack of information about actual privacy practices. Claims of privacy protection made by companies may be difficult for consumers to verify, except when they have already been violated.

In a consumer protection approach, in contrast, it is acknowledged that individuals may not have the time or knowledge to make informed choices, or may not have reasonable alternatives available. This approach advocates greater government definition and enforcement of privacy standards.



Privacy Law

Privacy law is the area of law concerning the protecting and preserving of privacy rights of individuals. While there is no universally acceptes privacy law among all countries, some organizations promote certain concepts be enforced by incividual countries. For example, the Universal Declaration of human Rights, article 12, states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.

source:(http://en.wikipedia.org)

What is privacy?

Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. It sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. When something is private to a person, it ussually means that there is something within them that is considered inherently special or personally sensitive. The degree to which private information is exposed therefore depends in how the public will receive this information, which differs between places and over time. Privacy can be seen as an aspect of security- one in which trade-offs between the interests of one group and another can become particularly clear.

source:(http://en.wikipedia.org)

Who are the computer criminals and what are their objectives?

Some computer criminals are mean and sinister types. But many more wear business suits, have university degrees, and appear to be pillars of their communities. Some are high school or university students. Others are middle-aged business executives. Some are mentally deranged, overtly hostile, or extremely committed to a cause, and they attack computers as a symbol. Others are ordinary people tempted by personal profit, revenge, challenge, advancement, or job security. No single profile captures the characteristics of a "typical" computer criminal, and many who fit the profile are not criminals at all. Whatever their characteristics and motivations, computer criminals have access to enormous amounts of hardware, software, and data; they have the potential to cripple much of effective business and government throughout the world.

OBJECTIVES:

Computer criminals have different objectives. An underground network of hackers helps pass along secrets of success; as with a jigsaw puzzle, a few isolated pieces joined together may produce a large effect. Others attack for curiosity, personal gain, or self-satisfaction. And still others enjoy causing chaos, loss, or harm. Criminals seldom change fields from arson, murder, or auto theft to computing; more often, criminals begin as computer professionals who engage in computer crime, finding the prospects and payoff good. Electronic spies and information brokers have begun to recognize that trading in companies' or individuals' secrets can be lucrative. A hacker wants a score, bragging rights. Organized crime wants a resource; they want to stay and extract profit from the system over time.

(www.informit.com)

Zero-day attack

A zero day attack, also known as a zero hour attack, takes advantage of computer vulnerabilities that do not currently have a solution. Typically, a software company will discover a bug or problem with a piece of software after it has been released and will offer a patch — another piece of software meant to fix the original issue. A zero day attack will take advantage of that problem before a patch has been created. It is named zero day because it occurs before the first day the vulnerability is known.

(www.wisegeek.com)

For example, On November 09, 2006, there was a zero-day attack on a part of Windows called the XMLHTTP 4.0 ActiveX Control. When a web browser opened an infected web page in Internet Explorer (IE), it called the ActiveX control, which then helped the attacker to cause a buffer overflow. Attackers were then able to download spyware and steal data.

(www.mysecurecyberspace.com)

What would you do?

If ever my friend had told me that he is developing a worm which will attack the administrative systems at our college, I'll definitely tell him to stop what he had planned because although it is harmless, in a way it will still cause disturbance as it will cause a message saying _"Let's Party!"_ which is really not appropriate in a place where everyone is working hard such as the said college institution. This kind of activity shows nothing but only foolishness. It might even drive him to the point wherein the college would file a case.