[FRIAM] Charlie Stross keynote to 34th Chaos Communcation Congress

[Steven A Smith]

Eavesdropping through "benign" technology is not new of course... from
using a drinking glass to focus sound waves through a wall to tapping
old school phones, but the current situation is orders of magnitude
crazier.   

Some of us here probably grew up on party lines where if you lifted the
receiver *really carefully* when someone else was on the line you could
listen in without them noticing and of course, there was an era when
*every* phone call went through a switchboard operator (or several)... I
knew several women of my mother's generation who did that job at least
for a few years and had some interesting stories of "who called who and
when" if not some eavesdropping as well!

I worked my way through college as a Private Investigator and while I
never used this trick (and would not for both ethical and legal reasons)
I was aware of it and tested it on my own phones.   Tapping into an
office or home phone was as easy as simply adding a parallel connection
to another phone (the way multiple phones inside one house worked) and
all you needed was access to the phone wires leaving the
house/office.    But that just allowed you to listen in on conversations
held deliberately on the phone, it was also known that some models of
the old rotary dial phones did not not implement a switch for the
microphone circuit when you had the phone "on the hook" so the line out
was "energized" with a very weak signal all the time.  So in many
homes/offices there was a "live mic" connection *outside* the
home/office that could be tapped with sensitive equipment to listen in
on the room. Without a repeater of some kind you had to be "close" (like
those bad 70's movies with a lineman up on a pole outside your house
with binoculars?).

Working at LANL inside sometimes several layers of security, I was
hyper-aware of the *threat* of surveillance which included James Bond
tricks like using a laser to read the modulation of sound impinging on
window panes, not to mention ultra sensitive EMF detection and the use
of Faraday cages to keep a hypothetical adversary from reading the
operation of relays and switches (i.e. printers, keyboard, etc.) from a
distance.

I know a lot of people who put tape over their laptop cameras and worry
about their microphone being tapped, yet few if any of them seem as
careful about their phones which they carry EVERYWHERE... In principle I
want to believe that the open source nature of Android and Linux help
crowdsource our security but there have been some stark examples of
where obvious holes were not noticed by *anyone* (nobody was looking?).  

I admit that *I* don't vet the apps I run on my phone nearly as
carefully as I should if I were worried about surveillance...   and I
haven't done anything to watch for unexpected/unexplained network
traffic implied..  I mostly just trust the herd to start milling and
squalling to alert me if something is wrong.   I am sheeple, so are
(most of) you.

The recent addition of voice recognition like SIRI, hey Google, and
Alexa add a layer of  habituation to being monitored by our *devices*
all of the time and I have to admit to *assuming* (because it is much
scarier not to) that all the sound processing happens in the phone
itself the only thing leaving the phone are high level triggers like

I recently watched "The Circle", a movie made from a Dave Egger's novel
with the antagonist being a megaCorp fashioned somewhat after
Google/Amazon/FaceBook/Twitter/??? all glommed together.   It was a very
dystopic view (sold as a utopia) of total
connectedness/surveillance/transparency... it asked some interesting
questions, but also reminded me of the Spike Jones Movie a few years ago
called "Her" which managed to put a more interesting/hopeful twist on
this (and more acutely AI).

I think Guerin's ideas about sousveillance, with a ubiquitous
authenticated pub/sub model for all signals (esp. camera) down to the
pixel level is a promising way to change the paradigm in a way that adds
both utility and security.

- Steve


On 1/3/18 9:30 AM, uǝlƃ ☣ wrote:
> Speaking of which, Renee's sister bought us an Amazon Echo for Xmas.  I'm already paranoid having my phone monitor audio for "OK Google".  To make me feel better, I leave the ProjectM live wallpaper on to occupy the microphone.  I can't even imagine *wanting* Amazon to listen to my house on a continual basis.  It seems they fixed the physical access crack that allowed listening in: https://www.wired.com/story/amazon-echo-wiretap-hack/  But I suppose more exploits are on the horizon: https://thehackernews.com/2017/11/amazon-alexa-hacking-bluetooth.html
>
> I'm still due a free Google Home, offered with the purchase of my phone.  Pfft.  I imagine claiming it and locking it inside a box with some speakers constantly streaming something like Justin Beiber ... or maybe Celtic Frost: https://www.youtube.com/watch?v=dW6RXTjm4iA
>
> On 01/02/2018 03:48 PM, Marcus Daniels wrote:
>> but adding in speech patterns or even higher-level personality signatures.
>