Monday, October 21, 2013

Thursday, October 17, 2013

Ingress

Google has created a global near real-time augmented reality game, Ingress, which is played on Android devices. It is a great example of mobile gaming immersed in the player's surrounding environment and the outside world.
Image source: geek.com

In November 2012, a viral game, the Niantic Project, appeared. The project was touted as an Investigation Board filled with cryptic clues and secret codes. The story continues to evolve every day with clues, secrets and game tech waiting to be found and unlocked. Players are encouraged to form alliances across neighbourhoods, cities and countries. The Niantic Project was revealed to be part of a larger Google project called Ingress, a real-time location-based mobile game which, according to Geek.com, seems:

to be taking the cues from augmented reality games, puzzle games, geocaching, and team-based online gameplay to make a futuristic game where your phone is the center of everything. Teams of players use live maps to hunt for portals, which show up on the game map to be hacked and captured. Outside of the localized mobile view, there’s a global view on desktops that show the whole team in action across the globe.

The game is invite-only and you can request to play at the game's site http://www.ingress.com. The app plays out in the real world and according to Google:

Ingress transforms the real world into the landscape for a global game of mystery, intrigue, and competition.
Our future is at stake. And you must choose a side.
A mysterious energy has been unearthed by a team of scientists in Europe. The origin and purpose of this force is unknown, but some researchers believe it is influencing the way we think. We must control it or it will control us.
“The Enlightened” seek to embrace the power that this energy may bestow upon us.
“The Resistance” struggle to defend, and protect what’s left of our humanity.
Install Ingress and transform your world.
The World is the Game
Move through the real world using your Android device and the Ingress app to discover and tap sources of this mysterious energy. Acquire objects to aid in your quest, deploy tech to capture territory, and ally with other players to advance the cause of the Enlightened or the Resistance.
Strategy
The struggle is being played out globally. Track the progress of players around the world, plan your next steps, and communicate with others using an Intelligence map.  

Earlier this year, Google teamed up with HINT water, offering in-game invite codes under the bottle caps and allowing the player to choose between the Enlightenment and the Resistance, the game's two factions. This provides an alternative to the current ways of obtaining codes, which are usually either the email reservation system, which occasionally emails out invite codes, or getting the attention of one of the community moderators. Once in the game you can take to the streets to complete the puzzles that offer additional in-game power-ups, or simply look under the caps of HINT water bottles. Then you can get back on the streets and get playing! As long as you have both an Android phone and an invite, of course.



The following video summarizes the background to the Niantic Project and its progress through 2012:

Thursday, October 10, 2013

GPS Jamming

People wanting to stop GPS tracking of their movements are increasingly using devices that scramble tracking systems. "GPS jammers" can be plugged into car cigarette lighters to create a 500 meter zone around their car which interferes with the tracking systems.

GPS Jammer. Image source: www.foxnews.com


According to The Guardian, GPS tracking systems are used to detect stolen vehicles, monitor vehicle use and to stop drivers working overly long shifts. Using the jammers could also impact on plans to introduce pay as you drive insurance schemes or road toll systems. The Guardian cites Prof Charles Curry of Chronos Technology saying that,

"When people use these, it creates a bubble around their vehicle for about 500 metres that jams any GPS receiver or transmitter. ... It stops any tracking system the owner might have put on the car. Usually they will block GSM [mobile phone] signals too that might also be used to send back a location... It means that for anyone trying to track the vehicle, it just vanishes off the map – it's as though it were in an underground car park."

In the UK, it is not illegal to purchase, sell or possess the jammers. It is currently only an offence under the Wireless Telegraphy Act to "knowingly use" such a device to block GPS signals – though according to The Guardian the communications regulator Ofcom is looking to close some of the loopholes. Some see a danger beyond fatigued drivers, however, citing the possibility of the devices affecting aircraft navigation systems and interfering with the GPS systems of drivers in the immediate vicinity, wiping out their signals also.

The need to address the jamming of GPS devices has also been reiterated by Brad Parkinson, the project leader of the team who originally created the global positioning system in the 1970s. Parkinson discusses the need for higher penalties for GPS jamming offenders and cited Australia's penalties as an appropriate model for other countries to adopt. He cites an incident where, during testing at Newark airport of GPS technology for the blind landing of planes, researchers found that the signal would periodically get jammed at the same time each day. The cause was pinpointed to a truck driver who was trying to jam the GPS on his truck, but the fact that the device's reach was enough to interfere with the airport signals suggests the potential seriousness of jamming.

In May 2012, the North Koreans used much more powerful jammers to scramble GPS signals near two of South Korea's major airports. The Russian-built devices are claimed to be able to affect systems as far as 100km away.

The Australian Communications and Media Authority (ACMA) has intercepted and destroyed nearly 100 illegal signal jammers that interfere with GPS and mobile devices. According to the Sydney Morning Herald (SMH), the jammers were intercepted through the mail between November 2011 and June 2012.

The jammers are illegal in Australia, and the possession or supply of the devices can be met with heavy fines and possible imprisonment of two years. Bodies corporate can be fined up to $225 000 for the offence, while causing interference to radio communications used by emergency services can attract a fine of up to $850 000 or a five-year prison sentence.

The SMH states that the ACMA believes most jammers are typically used by those who want to stop mobile phone calls from being made or received in a certain vicinity.

"Others just use them to cause a nuisance. In one example several years ago, the regulator found an imam at a Western Sydney mosque using one during prayers to ensure there was silence. In another, a company installed one in its boardroom after getting advice from a security expert."

There has been a decrease in the number of jammers seized by authorities. According to Mark Loney, executive manager, ACMA's operations and services branch,

"My sense is that the rate of intercepts to the mail stream is falling," he said. "That could be a good sign and that there's less people buying them. Or it could mean that they are coming in and are not being picked up in the mail stream. We don't have perfect knowledge about this but the fact that we're seeing less is encouraging."

The NSW Department of Corrective Services is the only organisation approved within Australia to be granted an exemption. They are currently trialing the jammers at Lithgow jail after an inmate smuggled in a mobile phone with which to control drug operations on the outside.

Jamming GPS becomes problematic when one considers the amount of infrastructure and the number of systems that rely on global navigation satellite systems (GNSS), of which GPS is the most widely used, for deriving position, navigation and timing (PNT) data. The services to which the technology is applied range from car navigation, data networks, financial systems, shipping and air transport systems, agriculture and railways to emergency services and safety of life applications. According to the Royal Academy of Engineering (RAE), many of these systems have GPS as a shared dependency, so a loss of signal could cause the simultaneous failure of many services that are probably expected to be independent of each other.

Furthermore, our reliance on GPS systems often continues without a non-GNSS back-up, or with an inadequate back-up where contingency plans have been put in place. Any disruption to the signal can therefore result in a range of consequences, depending on the application. The RAE notes that,

disruptive interference can occur unintentionally and, worse still, deliberate interference is a real and growing possibility. As opportunities arise for criminals to make money, avoid costs or avoid detection, it is known that significant effort will be directed towards attacking GNSS based systems. The banking infrastructure has already seen such an increase in high-tech attacks and now devotes considerable time and expense to countermeasures. Potential and already known mechanisms for deliberate interference include: 
• Jamming GNSS based vehicle tracking devices to prevent a supervisor’s knowledge of a driver’s movements, or avoiding road user charging.
• Rebroadcasting (‘meaconing’) a GNSS signal maliciously, accidentally or to improve reception but causing misreporting of a position.
• Spoofing GNSS signals to create a controllable misreporting of position, for example to deceive tracking devices.
As the use of GNSS for revenue raising purposes increases through road user charging or vehicle tracking, the prevalence of cheap jamming devices will increase. Because the signal received at ground level from the GNSS satellites is weak – it may be as low as -160 dBW (1 × 10⁻¹⁶ W) – jamming over a small area is easily achieved and it is known that dedicated kit is already readily available for purchase over the internet even though use of that equipment in the UK is illegal. In the United States, monitoring for GPS signal anomalies is routine and the occurrence of jamming incidents, both deliberate and accidental is growing. In the UK, the Technology Strategy Board is supporting a project to establish a service to verify the extent to which GNSS signals can be trusted by users.
Fox News also recently reported on research at the University of Texas which demonstrated the vulnerability of the GPS system. Using a laptop, a small antenna and an electronic GPS “spoofer” built for $3,000, GPS expert Todd Humphreys and his team were able to gain control of a sophisticated navigation system on board a super yacht involved in the research. The team were able to use counterfeit radio signals to steer the vessel and take it off course, while on board, the ship's GPS system indicated the ship was still on course. The research team suggested that such GPS "spoofing" could cause major havoc in maritime contexts and could also be used to interfere with the systems on commercial aircraft. This has obvious implications for security, considering the system's vulnerability to being hacked.

Responding to this requires both awareness and policy changes to increase the resilience and robustness of GNSS systems. Australian company Locata has invented what they claim to be the world's first local GPS system, "Locatalite", which "plugs" holes in GPS and offers independent position, navigation and time capability as well as local back-up for GPS. The RAE offers a series of recommendations to address the GNSS resilience issues and suggests,
The provision of a widely available PNT service as an alternative to GNSS is an essential part of the national infrastructure. It should be cost effective to incorporate in civil GNSS receivers and free to use. Ideally it should provide additional benefits, such as availability inside buildings and in GNSS blindspots.
These solutions address the infrastructure and technological side of GPS disruption, but perhaps responses should also be directed to understanding the reasons why people use jammers. Criminal reasons aside, there are issues of increasing surveillance of workers and the associated discomfort and mistrust encouraged by such tracking; there is also the need to engage in activities without the interference of mobile phones, such as in cinemas, and as noted in the Sydney mosque example. Perhaps in these circumstances, focus should not be solely on technological solutions but on social solutions too, and on working towards resolving the issues which entice people to use the jammers.

Wednesday, October 9, 2013

In Google We Trust


Technologically connected but where does our data go? Image source: ABC Four Corners



The ABC current affairs program, Four Corners, recently broadcast an episode that looked at life in the digital age, In Google We Trust. The episode followed a day in the life of your "average" Australian family, looking at how the everyday technologies they use create a profile of their movements, interests, likes and communications, and at the extent of the data networks that this information travels through. The program also discusses the opportunities for surveillance, tracking and the general erosion of privacy that these technologies enable, often without much public awareness of these intrusions. Many of these are known to us and our readers here at The Politics of Location, some of which will be reiterated in today's post, along with a few examples which are new to us.

The first member of the family to be the focus of the camera's attention is their teenage daughter, Christina. She likes to visit sites such as YouTube, Tumblr and Instagram to keep up to date with what people and celebrities are doing. She also likes Selena Gomez. Of course, the use of these sites raises the question of privacy agreements required for using such services and whether or not the majority of people read them, and if they do, whether they actually understand them. The answer is a resounding "No". No surprises there. According to Alastair MacGibbon, from the Center for Internet Safety, and former federal police officer:
Even if there are 156 pages of terms and conditions very conveniently though that checkbox is on page one, and I suspect that the majority of Australians have never read a privacy policy and if they had, they probably couldn't understand it.
Furthermore, he notes that people should not be lulled into a false sense of security based on the familiarity of the environment from which they're accessing the net:
If we think that we're in our lounge room or bedroom engaging in the internet, that it's just us - there're an awful lot of people looking over your shoulder.
This means that even before Christina starts her school day, her online activity and the data it generates is already travelling internationally and being tracked, providing advertisers with information to directly target marketing to her. This doesn't really bother Christina because she believes there is no sensitive information that can be gathered from her internet use and she isn't using her accounts to do anything secret, although one might be doubtful if liking Selena Gomez is something you want shared. But that doesn't particularly seem to bother a twelve-year-old. The basic message here though is that privacy agreements are often unclear and convoluted, deterring users from perusing and comprehending them fully. Thus people sign up without being fully aware what data is being collected and how it will be used. The data creates a digital profile of the user and companies frequently use this data for targeted advertising. They know a lot about you.

Next up is teenage son Alexi, who is the highest app user in the family. On the topic of apps, Troy Hunt, Internet Security Officer, is quick to point out that apps essentially do what your internet browser does, and again make your online activity trackable and able to be intercepted. Alexi's apps are scrutinised by Hunt and he finds that some of the apps that users would consider trustworthy actually have some major security problems, the example here being the app of the NRL team, the Sydney Roosters. The app's connection wasn't encrypted, which meant that personal information and credit card data entered into the site would be available to anybody observing the connection. The Sydney Roosters have since fixed this problem.

The problem with apps, according to Hunt, is that they often operate on user trust:

So that's a real problem with this app and it's unfortunate when you're sitting at a PC and you're doing your banking or you're doing your shopping, you get a little padlock icon and you can sort of look for that, and you get some sort of confidence in the security of the website. But you don't get that in an app, so all you know with an app is that these guys are saying, hey trust me with your credit card details - so that one basically has not even an attempt at securing your credentials.

Reporter Geoff Thompson next turns his attention to the father, Jim, a financial planner who travels to work by motorbike. Etags are mentioned in passing as a trade-off between convenient automatic billing and the road authorities knowing when he uses the tolls. What is news to Jim, and also to us here at this blog, is that NSW Roads and Maritime Services is downloading information on his mobile phone by scanning its Bluetooth signal as he passes particular streetlights. This obviously raises concerns about what data is being stored and whether it is de-identified, as Hunt notes:

It's a question of what they're actually capturing and saving, I mean the concern that I would have is are they tracking identifiable information about individuals, because if they're tracking identifiable information and they're doing it at multiple points, then they're tracking everything from your personal movements, to the average speed that you could be carrying, that would be a bit of a concern to me, it's a question though of whether it's de-identified or not.

The Roads and Maritime Services (RMS) is collecting the Media Access Control (MAC) addresses of mobile phones at 16 sets of traffic lights in inner Sydney. MAC addresses are unique identifiers of mobile phones and similar devices (we talked about their use in so-called 'Spy Bins' in London here). They are not considered personal information by Australian privacy laws because the phone's owner is not easily identified by the address. This, however, doesn't mean it's not invading privacy or doesn't have the potential to. As Hunt cautions,
this might be one of those cases where you want to get a definition of personal information, is a unique device address personal information? You know, maybe it is not, but it does still track an individual's movements, ah so whether or not they admit to actually tracking it, the capability is there.
The RMS issued a statement in response to the Four Corners' inquiries claiming that,

The devices receive the Bluetooth MAC address but no other identifying information is captured. MAC addresses are anonymous data.
The signals provide RMS with data to show the number of vehicles passing through intersections at particular times which then helps RMS monitor traffic flows. Unlike other devices which measure traffic volumes, this method allows RMS to measure traffic flow and provide information on trip and exit times to customers.

Despite this, Four Corners uses examples of technologies which ended up having impacts beyond what was initially intended. San Francisco's toll tag is one such example: despite being introduced only for automatic billing, it eventually had an impact on divorce proceedings. The movements of spouses became important information, and the courts acted to subpoena such information from the tags.

The fact that Jim drives to work also brings up the issue of Automatic Number Plate Recognition (ANPR) technology, which takes photographs of number plates and identifies any "problem" vehicles. Introduced in late 2009, the technology is now installed on 280 police cars across NSW. The cameras take six photos a second and these photos are stored on a database for approximately five years. But the scanners don't discriminate on which vehicles they photograph. All number plates in view are targeted whether they are doing something illegal or not. According to Four Corners, since 2009 the NSW police force has captured and stored more than 208,799,000 number plates. However, the police are reluctant to explain how exactly they use this data, noting that there are strict protocols for accessing and retrieving the stored information and that none of it is personal, while offering a general statement that:
"The information collected by the ANPR units - car photo, registration plate number ... and where and when the photo was taken - is stored in a separate data base for about five years."
However, as the episode notes, this is essentially a database of where you've been and when for the past four years. Hunt believes we have reason to question the innocuousness of the technology:
Without any confirmation to the contrary, and I can understand why they'd want to be cagey about something like this, that's really the only conclusion you can draw right? Because we know that the data's being collected, we know we have the technology to match a numberplate in one location to a numberplate in another location, I mean this is, this is very basic stuff. So you have to draw the conclusion that that yes they, you know, this is all getting put together at some point.
This clearly shows the potential for metadata to be stored and used to link people and events over a period of years. This potential is voiced by the Australian Privacy Commissioner, Timothy Pilgrim, who notes that:
Metadata can tell quite a lot about a person's activity in terms of the times they're transmitting and who they're transmitting data to or having communications with, certainly it can provide quite a lot of information.
And there are more than 300 000 metadata requests made each year.

However, it is not just internet data, apps, number plates, etags, and mobile phones that are surrendering our data. Thompson now turns to the mother of the family, Helen, who is heading out to do the grocery shopping. This of course brings up Coles' "Flybuys" and Woolworths' "Everyday Rewards".

Rob Scott, Finance Director for Coles, claims that the FlyBuys system is an extension of what retailers have been doing for years, in getting to know the customer, what products they need and like, and then tailoring their services and stock to the customer. As Alastair MacGibbon notes, "loyalty cards and rewards programs are about collecting information about you. Again, it's a perfectly legitimate thing to do, so long as you go into it with your eyes wide open."

It is noted that Woolworths has bought a 50% share in data analysis company, Quantium, giving Woolworths access not only to the data of its own clients, but also to that of many of Quantium's other clients. This provides Woolworths with a greater understanding of the buying habits of its own and other customers. Although the data that both companies share is supposedly de-identified, such data is still incredibly valuable in showing customer habits more broadly, which helps businesses to further tailor their products and services to the customer's wants.

Back at home, Helen opens up her Yahoo account. Doing so means that her data is re-routed through computer servers in the United States, which of course, as the whistle-blowing revelations on the National Security Agency earlier this year showed, makes Helen's data subject to interception by foreign intelligence agencies, something she is not comfortable with. While some "If you haven't done anything wrong, you don't have to worry" rhetoric is rolled out, Danny O'Brien of the Electronic Frontier Foundation notes that,

US citizens have, at least in theory, some constitutional rights that protect their data from access by the US government. Those rights don't extend to non-US persons, which means that Australians' data, when it's kept in the United States, has no real legal protection from the government... It gets worse because, not only is there no good legal protections from the US government, 'cause the US government shares its intelligence and research with the rest of the world, including potentially the Australian government. So you have this incredible trade off where the Australian legal system has good protections to prevent data just ending up in the hands of the Australian law enforcement, without you know a good warrant or a judicial process. But that doesn't stop the US from handing data on Australian citizens straight over to those same parties without any of those legal safeguards.

With the potential surveillance and data gathering opportunities in the domestic sphere discussed, the episode moves onto the final member of the Pappas family yet to be addressed, eldest daughter, Katerina. Meeting a friend at Westfield, Bondi Junction, Katerina's movements are monitored by CCTV but also have the potential to be tracked by the shopping center using her mobile phone. Four Corners notes that Westfield's privacy policy claims that,
"...where devices are able to connect to, or are identifiable by, in-centre infrastructure, we may collect data including usage, location and type of device"
Westfield states, however, that they are currently not tracking customers via mobile phones, despite having the technology installed in three Australian sites. The importance placed on such technologies is demonstrated by the creation of Westfield Labs, a division of Westfield based in San Francisco, which is tasked with developing and perfecting ways to collect data on customers. Another company, RetailNext, has already developed their own version of in-store tracking, something we discussed in a previous blog post. Katerina, understandably, is not comfortable with the idea of her movements being tracked through the shopping center by wi-fi, suggesting an opt-in, opt-out policy.

The Future of Retail. Image Source: Westfield Labs


But it is not quite safe to leave Westfield without another privacy hazard! According to Four Corners, the Westfield parking station trialed technology to help shoppers locate their cars. This required photographing and uploading the images of every parked car. Hunt, however, found a security flaw, which has now been addressed: it had been possible to obtain more information than the four possible car matches that the product was intended to return. According to Hunt, anybody with an internet connection could access information on which cars were in the shopping center and when:
And they would get a list of every vehicle that was currently in the car park and then they could repeat it every sixty seconds, every five minutes, whenever they wanted to, so you would get a profile of who's coming and going and how long they're staying.
The episode concludes back at the Pappas's house, where the complexity of digital asset ownership, particularly after death, and the idea of people's data outliving them are discussed. The relative "newness" of this issue is noted, along with the need to find ways to deal with it, answers to which are far from complete.

Thompson remarks that distinguishing between our physical and digital identity is becoming increasingly difficult, and the episode has reflected the increasing intertwining of the two through our everyday lives, often through processes of which we are not aware, or only partly so. Our data footprints reveal a considerable amount of detail about ourselves, whether the data is de-identified or not, and it is increasingly salient to develop ways to manage this data in a way that finds a balance with privacy, regardless of whether some commentators have already touted the death of privacy.

It suggests the increasing blurring of the boundaries between public and private places and selves. Many see their mobile phone as a personal and private device, but clearly, as this report has shown, the information contained on them can be obtained in public spaces, such as with the MAC address gathering, and without clear explanation of why, or what it is used for. This also denotes a disparity between people's perceptions of what is private and what law or government define as personal information, based on ideas of de-identified information, which need to be re-assessed. The collection and storage of, and access to, big data raise a multitude of issues concerning privacy, security, policing, government and power, as well as the potential to abuse that power. As O'Brien comments,
I don't think any social system, any government, can survive knowing everything about its citizens without ultimately that being corrupted. I mean I wouldn't be able to take that power. I don't think anyone would want or to take that power, um. But once you've got it, you're gonna find a use for it.