On the ubiquity of web-enabled microphones

Let me briefly outline my concerns around the issue of web-enabled microphones in a general way.  We have entered an age where in developed countries, the vast majority of citizens are surrounded by these microphones at all times.  Even in the bedroom now, since the smartphone is becoming the new alarm clock for many.

Bruce Schneier (computer security expert, now also with the EFF) has remarked: “It’s bad civic hygiene to build technologies that could someday be used to facilitate a police state.  No matter what the eavesdroppers and censors say, these systems put us all at greater risk.”

There are two elements of this emerging technology that prompt me to regard this as bad civic hygiene:  the omnipresence of these microphones, and the increasing lack of technological constraint allowing their compromise by state and other actors.

When I say “increasing lack of technological constraint”, I am referring to several things:  the descriptions of actions by agencies such as NSA, GCHQ, and the FBI who are specifically targeting smartphones (e.g. Tailored Access Operations of NSA and Remote Operations Unit of FBI), the exploding grey market for zero-day vulnerabilities dominated by state actors (especially the United States), and the emerging market for contractors who are developing exploits and software tools which enable to these vulnerabilities to be efficiently utilized.  (Vupen in France, Hacking Team in Italy, Endgame Systems in U.S., FinFisher in the U.K., etc.)

Zero-day vulnerabilities are essentially unintentional backdoors that are discovered in various software applications every year by hackers.  There are hundreds of these things discovered every year, and they are an unavoidable by-product of the software development cycle.  They are a special kind of software bug that can permit a third-party who knows about them to take over a person’s device.  Sort of like skeleton keys which allow entry into anyone’s device that happens to use the operating system or application in which the vulnerability is discovered, and they permit various degrees of power over a person’s device.  Programmers create exploits known as “zero-day exploits” to make use of these vulnerabilities.  A market has emerged whereby these exploits are sold to the highest bidders, which, unsurprisingly, happen to be state actors.  An exploit for the iPhone’s iOS was sold for $500,000 at one point to an unknown buyer – the NSA perhaps, but every intelligence agency on the planet is willing to pay top dollar for these things.  Parties are willing to pay much more if it seems the exploit is likely to go undetected for some time and if it provides a lot of power over the device (laptop, smartphone, or tablet).  However, when a vulnerability is discovered “in the wild” and reported to the software company (as should be the case), the value drops to near zero very quickly as the software company develops a “patch” and sends out security updates to consumers.  In any event, the result of these activities over just the past decade is that sophisticated intelligence agencies, and certainly the FBI and NSA, now possess a revolving set of skeleton keys that allow them to reach inside virtually anyone’s device on the planet.  They don’t need a warrant to do this, and they don’t need permission from the telecoms or software companies.  They don’t have to notify any third parties that this is happening.  This is a HUGE amount of power for any state actor to have.

Federal law enforcement agencies like the FBI have been clamoring for mandatory backdoors into all these new web-based technologies, but there are fundamental technical issues with integrating a CALEA-type system with the internet (CALEA = Communications Assistance for Law Enforcement Act of 1994).  Security experts are suggesting that the feds (including domestic agencies like the FBI) develop teams of hackers to perform wiretaps in the future.  They are essentially recommending that the FBI develop their own Tailored Access Operations (an NSA hacking division).  Installing a CALEA-type system will fundamentally weaken the security of the internet for everyone, they claim, and it’s also not very practical because new technologies develop so rapidly.  It will hinder innovation.  (From later note:  we now know the FBI has already developed their own hacking team with the Remote Operations Unit.  Chris Soghoian, principal technologist with the ACLU, discovered the Remote Operations Unit through former contractors’ CVs on LinkedIn and put the pieces together.)

See this paper for background:  https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf

“Going Bright: Wiretapping without Weakening Communications Infrastructure” | Steven M. Bellovin, Matt Blaze, Sandy Clark, Susan Landau | IEEE Security & Privacy 11:1, Jan/Feb 2013

My comments on the authors’ analysis in this paper:  OK, fine, mandatory backdoors are unacceptable.  But if the feds’ teams of hackers develop the power to enact wiretaps and bugs without having to ask for third-party permission, that will facilitate intelligence laundering on a wide scale.  Sure, the information/evidence can’t be presented in court.  But they are more than happy to find other ways to use the information.  Numerous examples of this have cropped up in the past year in the press (e.g. Special Operations Division – a joint operation between DEA, FBI, and NSA – slides were released a few months after Snowden to the press in a leak, but they were not part of the Snowden dump.  Agents are specifically instructed to “recreate” the trail of an investigation to hide the original sources.  They are effectively removing any poisonous taint from illegal surveillance by fabricating an independent source and never revealing the original surveillance.  I believe they are generally handling narcotics cases, and the ACLU and EFF filed an Amicus brief late last year in a case in SF court as a result of the slides, because they suspected illegal surveillance might be taking place and intelligence was being laundered – see United States of America v. Diaz-Rivera – a very recent case, not sure what the outcome was at the suppression hearing.  Google:  Special Operations Division)

In regards to the cell mic->bug method, the power of this method should be obvious when you consider that a huge portion of conversations in the developed world these days takes place within earshot of a web-enabled mic.  True, the technology will probably limit the use of this method to cases of “targeted exploitation” only and it might never be used on a truly massive scale (unless they get their backdoor wish).  But when you read about how exploit management has become automated to the extent of owning thousands of devices at once, it raises serious questions about what “targeted exploitation” even means on a practical level.  See the NSA “TURBINE” program for an example of relatively large-scale automated management of hacked devices via exploits.  I do not find the term “targeted” particularly encouraging in light of their capabilities.

In addition, recent technological advances in the fields of speech transcription (BABEL program at IARPA, GALE at DARPA, MLT from Northrop Grumman (Machine Language Translation), software from Nexidia, a company with DOD contracts, along with programs in high-level semantic analysis from the MITRE corporation “to interpolate what people mean from what people say”) and voiceprint recognition (huge databases being built – much more of a privacy threat in the long term than faceprint recognition, IMO) would facilitate the audio content to be converted to output that resembles a chat log in a process known as speaker diarization.   This log could be analyzed very efficiently with keyword searches and other automated data mining tools that are emerging.  If sections are hard to transcribe, an analyst could fast forward instantly to those sections for closer listening.  So the cost of monitoring hundreds or thousands of hours of voice chatter has come down precipitously and the tools to derive intelligence from it are more powerful than ever.

Ergo, the stage is being set for intimate surveillance of people’s lives not just in cyberspace, but in everyday face-to-face interaction on a relatively large scale that is likely to only increase with time.  Facial recognition in public is nothing compared to this.  The power imbalance enabled by this technology between the authorities and the citizenry is a cause for concern, and the authorities have every motivation to limit the exposure that this method might receive.

The smartphone is God’s gift to Big Brother.  This is clear from both NSA slides and GCHQ slides, which specifically describe copious efforts to hack into and control every single model of smartphone on the market – even relatively obscure models.  Given the capabilities of the smartphone, we might ask what makes it more special than a laptop or home computer in terms of attracting attention from intelligence agencies.  They both contain email and contact information.  But the smartphone has a microphone that is carried with the user everywhere, and it also has a GPS antenna.  This makes it a uniquely powerful source of intelligence on a person far beyond a home computer.  The ability to turn the microphone into a bug is sometimes called a “hot mic” in internal presentations.  A GCHQ slide gave this capability the codename “Nosey Smurf”.

I’ve been tracking mobile device management (smartphone use by employees) at the Pentagon through contractor newsletters, and the solution they are moving towards in terms of protecting data on their employees’ smartphones is to reengineer the kernel to minimize the attack surface.  In other words, they are re-engineering the microchips to try to make them more secure.  There are other companies coming out with secure smartphones for security-conscious people who are not government workers with security clearances — there’s the Privacy Phone from FreedomPop, the Black Phone from Silent Circle, and the Boeing Black smartphone.  The problem with all of these models is that none of them are hack-proof.  Not even the phones from the Pentagon for NSA employees.  It’s impossible with modern software and hardware to KNOW that something is hack-proof.  They all know this very well, but they are just counting on maintaining a strategic edge over their adversaries.  It’s the cyber-arms race.

Turning off a smartphone will not necessarily prevent it from being surveilled.  You cannot know if it is actually ever off.  There has been a lot of discussion about this online.  You may not have caught this detail, but when journalists first went to visit Snowden in Hong Kong, he asked everyone to put their phones in the freezer before he started talking.  Some activists (for example the Occupy crowd) were known to be taking the batteries out of their phones.  This would do the trick, but it’s kind of a pain in the ass.

So I’m proposing a solution which is relatively simple, 100% hack-proof, and effectively neutralizes billions of dollars worth of surveillance equipment.  It’s just an off-switch for the microphone.  It disconnects the circuit.  Voila.  You cannot break the laws of physics.  You cannot access something from the web which has been removed completely off the web.  I know enough to know that I will never catch up with these hackers, so let’s forget about all that shit and step completely outside of the cyber-arms race for all time.  I’m actually quite dumbfounded that nobody is suggesting making a product with this feature.  However, I also think it would be handy for many people to be able to neutralize the GPS-tracking.  So I think an off-switch that had three positions would be ideal.  First position: normal.  Second position: microphone is cut off, but the antennas still are functioning to remain online, receive calls, texts, or emails.  This would be handy for activists, journalists, dissidents, etc. who don’t want to have to take the batteries out of their phones every time they get together in social situations.  Third position:  antennas are cut off along with the mic.  This neutralizes location tracking as well.  Three positions might be confusing to folks at first (?) but I think the utility would become evident.  Mic off but still online allows people to remain receptive to calls and emails.  Jacob Appelbaum (hacktivist in Germany – has access to Snowden files along with Laura Poitras) is always recommending to people to leave their phones at home.  I understand where he’s coming from and I’m 100% with him as far as cause for concern goes, but… good luck in convincing people to actually do that.   I think the switch should be physical in nature, because any software-based system could be vulnerable, and a phone with a physical switch could be opened up for examination by Gizmodo or the EFF.

A friend suggested that a 3-way off switch might possess enough novelty to warrant a patent.  I have no idea.  I hope that it’s not actually patentable, because I just want to see that a product like this is made, but I actually have some concerns because of my situation that the government would take my idea and give it to a contractor, or patent it themselves and sit on the patent.  Yes, I think it would be valuable enough to them for them to consider doing something like that, based on everything I’ve read about their interest in smartphones.  And the NSA’s attitude is that they are willing to sacrifice computer security in general for everyone around the globe so long as they feel they are maintaining a _strategic edge_ over their adversaries.  So something that would neutralize the playing field for everyone is not what they would consider to be in their best interest.  It _is_ in the best interest of the citizens however who have natural and healthy privacy interests, I feel strongly, because if these agencies are permitted, they will start recording every face-to-face conversation on the planet and screening the conversations in the same way they do with email now.  They don’t have to necessarily record the audio either, as that would take up huge amounts of memory.  The default mode would probably use transcription to go straight from voice to text.  Then for higher-value targets, the audio content might also be saved.

And all intelligence agencies around the globe will desire to keep this a secret for as long as possible.  This level of power would have been unimaginable a decade ago, but it is probably not even a decade off at this point.

I believe there would be an instant global market for a smartphone that had this feature.  It would be potentially be upsetting to many intelligence agencies, however, who have invested billions in location tracking alone.  And once a product like this is produced, there’s no way for them to get around it.  It’s physics at that point – not computer science.  People just have to be mindful to use the switch.

Then there are still the microphones on our laptops and perhaps appliances in the future in the coming “internet of things”.  One thing at a time, I guess.

Borrowing Schneier’s phrase, there is some very poor civic hygiene unfolding.  I’d like to see this addressed, and I think now might be a decent time when there is a lot of public concern.  Before complacency sets in again.