Wednesday, November 6, 2013

Security Director Alert - Draft a 'No Recording' Policy for Your Company

IMPORTANT 
Here's why... 

by Philip L. Gordon, Littler Mendelson P.C.
With audio recording applications (“apps”) often standard issue on ubiquitous smart phones, employees are now armed with a relatively inconspicuous way to capture their supervisor’s every gaffe.  

In September, a $280,000 jury verdict in favor of an employee on race and sex discrimination claims demonstrated just how damaging an audio recording can be in employment litigation. In that case, the plaintiff, who is African American, caught her supervisor, who is Hispanic, using the “N” word on tape, and the judge admitted the recording into evidence. Putting aside the risk of employees collecting damaging evidence for anticipated litigation, the ever-present specter of audio recording can undermine the type of corporate culture that so many employers are trying to encourage nowadays, one that thrives on collaboration and candid discussion among colleagues.

In 13 states — California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania and Washington — anti-wiretap laws generally prohibit the recording of face-to-face communications without the consent of all parties to the communication. However, in the remaining 37 states and under federal law, audio recordings, whether surreptitious or not, are legal so long as the person making the recording participates in the recorded conversation. In these states, secret recordings by one of the participants not only are legal, but the former Acting General Counsel (“Acting GC”) of the National Labor Relations Board (NLRB) recently took the position that workers have a legally protected right to record their co-workers and managers. In a decision published on October 30, 2013, an administrative law judge (ALJ) flatly rejected the Acting GC’s position and upheld the employer’s general prohibition on all audio recordings in the workplace without prior management approval.

The employer in that case, Whole Foods Market, promulgated the prohibition to thwart the “chilling effect” of workplace audio recording. More specifically, Whole Foods’ policy explains that concern about audio recording “can inhibit spontaneous and honest dialogue especially when sensitive or confidential matters are being discussed.” Although not stated in the policy, Whole Foods’ head of human resources testified that the policy applied to all employees, whether management or non-management; to all devices that captured voice; and in all areas of the store, including the store’s parking lot and entrance area; but only during working time. (more)


Ask Philip Gordon about drafting a "no recording in the workplace" policy for you. 
Be sure to add video, too.

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

The Wall of Sound Meets its Match - Sono - An Acoustical Wall Filter Idea

Austrian industrial designer Rudolf Stefanich has created a concept device that is capable of filtering outside noise from entering your room.

Called ‘Sono’, it transforms any window into an “active noise canceling system”, allowing users to eliminate and filter the sounds that pass through their windows.


By turning a knob, the device filters out disruptive noises like car horns and construction works, but allows pleasant sounds like birds chirping or the sound of the wind through.

“In our loud and busy world, a moment of silence has become a scarce and almost luxurious experience,” said Stefanich. “Sono lets you reclaim that silence for your home.” (more)


FutureWatch - The same concept could be used to prevent eavesdropping via acoustical leakage from rooms.

Tuesday, November 5, 2013

A Brief Spy Technology Retrospective

Government surveillance is nothing new. The United States started tracking telegraphic information entering into and exiting the country in 1945. The technology associated with spying, however, has become much more advanced. History shows a steady evolution of the ways governments secretly gather information.

"Spying has gone on throughout history," says Peter Earnest, a former Central Intelligence Agency officer and executive director of the International Spy Museum. "Since globalization, spying has increased because countries want to know what other countries are doing. The discipline of intelligence has already increased a great deal in the post-Cold War world."

Briefcase recorders in the 1950s led to transmitters hidden in shoes in the 1960s. By the early 1970s, bugs hidden in tree stumps intercepted communication signals. Devices continued to become more compact. In the 1980s, tiny transmitters with microphones were hidden in pens.

The advent of the Internet ushered in the Web bug, which tracked who viewed websites or e-mails and provided the IP address of an e-mail recipient. In 2013, drones and computer programs continue to develop as surveillance tools.

So how does the future look for spying?

"It looks good," Earnest said. (more, with photos of spy gear)

Monday, November 4, 2013

How a Slight Movement Can ID Your Smartphone

One afternoon, security researcher Hristo Bojinov placed his Galaxy Nexus phone face up on the table in a cramped Palo Alto conference room. Then he flipped it over and waited another beat. And that was it. In a matter of seconds, the device had given up its "fingerprints."

Code running on the website in the device's mobile browser measured the tiniest defects in the device's accelerometer — the sensor that tracks movement — producing a unique set of numbers that advertisers could exploit to identify and track most modern smartphones.

The accelerometer enables, among other things, the browser to shift from landscape to vertical as a user tilts the phone. It turns out every accelerometer is predictably imperfect, and slight differences in the readings can be used to produce a fingerprint. Marketers could use the ID the same way they use cookies — the small files that download from websites to desktops — to identify particular users, monitor their online actions and target ads accordingly.

It's a novel approach that raises a new set of privacy concerns: Users couldn't delete the ID like browser cookies, couldn't mask it by adjusting app privacy preferences — and wouldn't even know their device had been tagged. (more)

Sunday, November 3, 2013

When Paranoids Collide they Blow the Whistle on Tea Kettles

Customs agents in Russia found tea kettles and irons bugged with tiny Spyware chips that exploit WiFi connections, reports a local news outlet coming out of St. Petersburg.

According to Gizmodo, the microchips are capable of spreading spam and malware to WiFi-enabled devices within 200 meters.  Specific details of the dodgy shipments remain shady...

Simon Sharwood of The Register reports that it is indeed possible to build a spambot small enough to fit inside of a kettle, as the necessary components are small and cheap enough...


One question remains unanswered, however: why would China send bugged tea kettles to spy on the ordinary tea-drinkers of Russia?

Gizmodo suggests that perhaps local authorities were mistaken about their findings, pointing out that WiFi tea kettles already exist.

Business Insider speculates that if the kettles are bugged, it could very well be a test for larger operations to plant such microchips.

We'll let you weave your own intricate conspiracy theory. (more)

Last Week on Halloween


This Judge is a Surveillance Expert. He has Cred.

James G. Carr ’62, a senior judge on the U.S. District Court for the Northern District of Ohio and a former member of the Foreign Intelligence Surveillance Court (FISC), described the process through which the federal government conducts electronic surveillance and railed against National Security Agency (NSA) whistleblower Edward Snowden in a talk in the Gund Gallery’s Community Foundation Theater...

Carr told his audience “every one of us in this room probably has been overheard under a FISA warrant... It’s a general search,” Carr said, “that which the Fourth Amendment most directly and most clearly, unequivocally prohibits. Nobody can dispute that.”...

In July, Carr wrote an op-ed in The New York Times calling for Congress to reform the court. He suggested judges be allowed to appoint outside lawyers to “represent the interests of the Constitution and the public” in cases where a novel issue, such as new surveillance technology, is present in the warrant application. Government agents are required to inform the court if their application raises that kind of issue...

Carr had harsh words for Edward Snowden, the former NSA contractor who provided documents about NSA surveillance procedures to journalists before fleeing to Hong Kong and then Russia. He asked audience members how many of them thought Snowden’s actions were worthwhile, and upon seeing hands raise, said, “I want to try and disabuse you of that view.”

Snowden, he said, had been “in the hands of the Chinese and the Russians for months, and if anybody in this room thinks for a moment that they don’t know everything he learned … c’mon now.”

The NSA, Carr said, “does a crucially important job,” whereas Snowden, whom he mockingly called “the great American patriot,” had done “irredeemable” damage.

In the Q & A after the talk, one student asked Carr, “Why bother protecting our lives if you don’t first protect our rights?” Carr responded, “Because if we have no lives, we have no rights.” (more)

Why is Carr the expert? 
Because he wrote the book. (more)

10 Most Audacious Eavesdropping Plots

Operation Ivy Bells
At the height of the cold war, the National Security Agency, CIA and the US Navy collaborated to tap into underwater communication lines used by the Soviet Union. 

Operation Stopwatch
This joint operation between the CIA and the British Secret Intelligence Service was again an attempt to tap into communications by the Soviet Military.

The Cambridge Spies
Rather than relying on modern eavesdropping, this operation used old-fashioned infiltration.

The Gunman Project
During 1976, the KGB managed to install miniaturized eavesdropping equipment and transmitters inside 16 IBM Selectric Typewriters used by staff at the US embassy in Moscow and consulate in Leningrad. 

The Bundesnachrichtendienst Trojan Horse Affair
Germany may have been the victim of NSA eavesdropping, but its own Federal Intelligence Service, the Bundesnachrichtendienst, has also engaged in such activities.

The MI6 Spy Rock
In a modern version of the dead letter drop, British spies working out of the embassy in Russia used a transmitter concealed in an artificial rock to pass classified data. 

Acoustic Kitty
Acoustic Kitty was a top secret 1960s CIA project attempting to use cats in spy missions, intended to spy on the Kremlin and Soviet embassies. (more)

Moles in Berlin
In 1956, American and British agents tunneled into East German territory in order to tap a telephone line. This allowed them to eavesdrop on important conversations between Red Army leaders and the KGB. A segment of the tunnel can now be visited. (more)

U2
An international diplomatic crisis erupted in May 1960 when the Union of Soviet Socialist Republics (USSR) shot down an American U-2 spy plane in Soviet air space and captured its pilot, Francis Gary Powers. Confronted with the evidence of his nation's espionage, President Dwight D. Eisenhower was forced to admit to the Soviets that the U.S. Central Intelligence Agency (CIA) had been flying spy missions over the USSR for several years. (more)

Animal Spies
A former CIA trainer reveals the U.S. government deployed nonhuman operatives—ravens, pigeons, even cats—to spy on cold war adversaries. “We never found an animal we could not train.” (more)

What Corporations Can Learn from the Vatican

Contrary to a widely circulated report, the US National Security Agency (NSA) could not have eavesdropped on the conclave that elected Pope Francis, a veteran Vatican journalist has reported.

Andrea Tornielli of La Stampa writes that the Vatican had deployed sophisticated anti-bugging technology in the Sistine Chapel and throughout the apostolic palace in the days leading up to the conclave. The anti-bugging measures were already in place during the general congregations at which cardinals exchanged ideas prior to the opening of the conclave. Reporters who were in the building testified that internet connections were interrupted and cell-phone signals lost when the system was activated. 

Vatican security experts take pride in their ability to foil espionage, Tornielli reports. (more)

Can a Perv Skirt Privacy Laws by Raising The First Amendment?

MA - An Andover man is hoping to slip past the law by arguing women in skirts are taking a chance when they ride the T (Boston's transit system) because there’s no guarantee of privacy. 

Michael Robertson is appealing to the state’s highest court saying he didn’t commit a crime when he allegedly tried to take cellphone photos up women’s dresses on the Green Line in August 2010.

That “up-skirt” case included an undercover transit cop and another T passenger. The 31-year-old now faces more than two years in jail if convicted of two counts of photographing an unsuspecting nude or partially nude person.

His lawyer argues it’s the outdated law that’s in the wrong — not her (sic) client — and other photographers could have their First Amendment rights trampled, too. (more)

Music to Spy By

via Jason Whiton, SpyVibe.blogspot.com... The UK distributor, Network (the "Criterion Collection" of retro TV/Film), has been tempting us for some time with news of upcoming remastered vinyl soundtracks from spy shows like The Prisoner, Department S, and The Saint. Some lucky collectors in Britain even had a chance to pick up a limited-edition EP of spy tunes during the last Record Store Day.

From Network's On Air newsletter: "It’s a measure of the quality of the music from these series that it can be enjoyed outside of the context of the programmes themselves, as our previous soundtrack releases on CD have demonstrated. 

Now, with the resurgence of interest in that formerly archaic artefact the LP record, we’re proud to present the first in a series of brand-new audiophile releases on 180g virgin vinyl. 

Although high-quality masters were already available from the CD releases, we have returned to the original analogue tapes which have been mastered afresh for vinyl to take advantage of the format’s more subtle dynamic range. Mastering and vinyl cutting have been supervised by one of the very best in the business – Ray Staff of AIR Studios – ensuring that these tracks have never sounded so good since they went down onto tape in the late 1960s." (more)

Saturday, November 2, 2013

High School Football Spying?!?! - Four Destrehan Coaches Accused

LA - Five people, including four Destrehan High School assistant football coaches, were booked with unauthorized use of intellectual property Wednesday after they allegedly used a leaked computer password to get a sneak peek at the game plan of their upcoming opponent, South Lafourche. 

Others could still be charged, said Brennan Matherne, public information officer for the Lafourche Parish Sheriff’s Office...

The criminal charges are the latest fallout stemming from an incident in which the coaches allegedly used computers to spy on South Lafourche’s football practices last week.

The scandal already has resulted in a forfeit for Destrehan and sanctions for the coaches involved. (more)

Encryptors Unite! - From Those Wonderful Folks Who Brought You Lavabit & Silent Circle

Our Mission - To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email.

As founding partners of The Dark Mail Alliance, both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the world's first end-to-end encrypted 'Email 3.0' throughout the world's email providers.

Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind. (more)

In the Days Before Spread Spectrum Communications - Spread Wings Communications

Read all about America's secure communications laboratory, just miles from the Countermeasures Compound, in Ft. Monmouth, NJ... (more)


Friday, November 1, 2013

Mobile Phone Use a Significant Security Risk for Companies

New research suggests that companies are leaving themselves open to potentially serious security and legal risks by employees’ improper use of corporate mobile devices.

Buy them the Cone of Silence.
Experts from the University of Glasgow looked at a sample of mobile phones returned by the employees from one Fortune 500 company and found that they were able to retrieve large amounts of sensitive corporate and personal information. The loss of data such as this has potential security risks, inviting breaches on both an individual and corporate level.

A University of Glasgow release reports that the data yielded by this study on thirty-two handsets included a number of items that could potentially cause significant security risks and lead to the leakage of valuable intellectual property or expose the company to legal conflicts. (more)