Saturday, December 3, 2011

Carrier IQ, smartphone spying, and the CIA connection



(Note: This post contains original research into the links between Carrier IQ and the CIA. If you're impatient to get to that stuff, scroll down. Then spread the news.)


If there's one thing I cannot abide, it's knee-jerk defeatism when it comes to questions of cyber-privacy. "Oh well -- that's the world we live in. Nothing we can do. If you're not doing anything wrong, you have nothing to worry about..."

Bullshit. There's a lot we can do. And just because you're a law-abiding citizen doesn't mean you should put up with snoops who trample on your rights.

(If you're not doing anything wrong, why not let me install a video camera in your bedroom? Why not let me plant mics in your home and car? Why wear clothing? Are you hiding something?)

I strongly urge you to read this and this. Yes, I just linked to a piece by Farhad MooJuice, who is often wrong on tech issues and obnoxiously complacent about the threat of cyber-spying. If Mr. Passive is worried, then it's time for a nationwide panic reaction.

The culprit is a piece of software called Carrier IQ, which installs a rootkit on your smartphone. It can track your location, your apps, your texts, your every keystroke.

For more on the controversy, see here and here. Predictably, CBS News has come to the defense of Carrier IQ -- which may be all the evidence you need to understand that the software is no damned good.

The Information Week piece (written in the second person, addressed to Carrier IQ) is particularly helpful:
Eckhart has two big concerns: First, your app appears to be seeing everything he does, from HTTPS strings in the browser to actual keystrokes. He wonders if the app logs this sensitive data, or transmits any of it to your servers? Second, he's concerned that the data being tracked by your servers could easily identify individual handset users. Accordingly, "I would like to know exactly who has seen this data, what data has been recorded, and who has recorded it. This data should also be subject to some clear privacy policy," Eckhart says. Without that clarification, he argues, the software is simply a rootkit: unwanted, hidden, hard to delete, but running with root-level access.

But instead of embracing the spirit of full disclosure, you send Eckhart a draconian cease and desist letter, threatening him with $150,000 per count of copyright violation (for the manuals) and warning that unless he bends over backwards to take back everything he's said about your company, you'll make him pay--big time.

If Carrier IQ weren't spying on users, they would never have responded in that fashion.

Allegedly, this software exists to "serve you better."

Bullshit. This is Uncle. He's spying on you, on all of us.

I own a tiny old cell phone which is used to make and to receive phone calls -- nothing else. (You can send me a text message, but don't expect me to text back.) Even if cost were not a factor, I would never "upgrade" to an Android or iPhone. It's not that I'm a Luddite or a technophobe -- I've repaired iPhones (on a modest scale), even though I would never own one of the damned things.

Why? Because you can't remove the battery of an iPhone, at least not easily. The iPhone was designed this way because governmental agencies can use your phone to track and triangulate your location every moment of every day. The only sure way to defeat GPS is to take out the battery.

Can "they" track you in other ways? Perhaps. But why make life easy for the people trying to spy on you? I say we should toss sand in their eyes whenever we can.

In truth, I live a rather innocuous life. But purely as a matter of principle, Americans should defend their privacy to the greatest degree possible. Even if you're a soccer mom and the president of your local PTA, live like a fugitive when you go online.

If that prescription seems excessive, then the least you can do is to support Al Franken's efforts to investigate CarrierIQ.

DO NOT BELIEVE the software and hardware providers when they say that they will not misuse the information they gather. They are lying. They can never, ever be trusted.

Only laws -- combined with much greater operational transparency -- will stop them. In their press statement, Carrier IQ tells the public that they are operating within the laws. They don't tell you that current law is woefully insufficient.

The CIA connection: Here are the executive officers for Carrier IQ. And now it's time for Cannonfire readers to play one of our favorite games: Spot the Spook.

Let's start with CEO Larry Lenhart. Hmm. How does this resume sound...?

Before his CEO experiences, Larry was a managing partner at Deloitte Consulting and at AT Kearny, where he provided strategic and operational expertise across the globe with such clients as EDS, AT&T, New Jersey Bell, E-Trade, Novell, Federal Express, GM, Saudi Aramco, Bank of South Africa, DuPont, and many others.

I must say, this was a particularly quick game of Spot the Spook. Almost too quick; I wanted more of a challenge.

Deloitte Consulting, eh? All righty, then. The question before us comes down to this: Is Deloitte a spooked up company? Are we dealing with one of those oh-so-special "private" firms which just happens to be plugged directly into our nation's intel community?

You betcha.

One of their senior managers was recently appointed Inspector General of the CIA. The IG is not a position for outsiders; the job usually goes to a "good old boy" veteran of the intelligence world -- someone who can be depended on not to rock too many boats.

Also see here. Carmen Medina of Deloitte (she's the nice lady in the photo reproduced above) also served as the director of the CIA Center for the Study of Intelligence. If you're trying to come up with an innocent explanation as to how such a thing might happen -- save your breath. And grow the fuck up.

Also read this:

Of Deloitte’s 45,000 employees worldwide, more than 5,700 work in this federal practice. They provide solutions regarding business strategy, operations, technology, risk management and human capital. The division works with a host of government contractors and agencies such as the FBI and CIA.

And this, from Deloitte's website:

Federal agencies trust Deloitte to address their most critical information and technology challenges -- and we deliver by providing measurable business value through IT.

With deep Federal and commercial industry knowledge, Deloitte is well positioned to support the FBI by leveraging our extensive IT experience in hardware, software, operations, maintenance, and technical and development services. Deloitte's Federal technology professionals offer a broad range of implementation and advisory services to support the FBI in its efforts to better manage critical business information and support mission objectives.

Our FBI service team is led by professionals who possess broad technical and consulting experience coupled with deep knowledge of the Federal law enforcement environment.

Deloitte has the experience and professional knowledge to support the FBI's needs under the IT SSS contract. This includes:

* A deep bench of practitioners with active security clearances and extensive project management certifications
* Demonstrated performance and experience through the FBI Program Management and Support Services (PMSS) contract vehicle as well as other large vehicles with the Department of Homeland Security and Department of Defense

Deloitte is obviously thisclose to the intelligence/security apparat.

And that means we should be pretty damned scared when we learn that a former Deloitte head honcho suddenly got the funding needed (from In-Q-Tel, perhaps?) to start up a company which just happens to plant a "spy on everything" rootkit in smartphones everywhere.

Back in the '70s, nobody would have put up with that kind of shit. I fear that today's Americans are far more passive.
