Somebody is Watching You (Via TV)

Last week my local Congressman Michael Capuano introduced some important legislation into the house regarding privacy and TV.

Like many of us residing in the US, Capuano was astonished and troubled by the revelations that home TV and telephone operator Verizon was required to give the government lots of data about our telephone use. They provide a daily list of all calls, duration and codes to identify mobile devices so that the government can look for terrorists.

Capuano decided to look further into issues of privacy surrounding this particular operator, and his legislation is a result of his findings.

He found that cable TV companies are developing systems that allow the TV set to watch the viewer. The idea is that a box sits in your house and watches you watch the TV so that advertisers can market their wares better.

A woman watching TV in the dark

Watching TV

The systems will be fitted with face recognition software (see this article for an idea of how far this software has come) so that publicity can be tailor made for the consumer.

So if I am watching something the publicity will be aimed at me, and probably cross referenced with data about my interests, life and Google searches. Fast cars, motorbikes and concert tickets.

If my wife is in the room maybe the publicity will also take her presence into account, and offer her shampoo, a fitness package or the likes, or maybe target us both with a cruise or a romantic weekend in the sun for 2 or likewise. If we are sat at opposite ends of the sofa maybe some counselling or a good divorce lawyer, who knows.

I can only imagine that if the watcher is eating a bag of crisps (chips) and drinking a bottle of beer then publicity for pizza and wine would be in order, the right message at the right time if you see what I mean.

What Capuano and his co sponsor are trying to do is to pass legislation to force producers to build and market a version of their cable interface box without the cameras integrated, and that the TV must show the message “I am watching you” when the machine is watching you.

Not too much to ask you might think but in free market led America I await the outcome. Read more about the legislation here.

I was fortunate enough to interview Congressman Capuano for my Bassetti Foundation blog a couple of years ago. We spoke about technology and his responsibility as a politician to society and his electorate. A transcription of the interview is available here.

Just as a sideline the BBC has an article out about hackers taking over webcams to spy on people covertly. Apparently there is a market for access to your computer, although the stated motivations are different and the practice is not legal.

EDITOR NOTE: Don’t forget the post I wrote about keeping Java up to date Jonny; it mentions about webcam hacking too :-)note by Christopher

Kill the Password

This week I would like to draw readers’ attention to an article that appeared in Wired at the end of last year. Written by Mat Honan and entitled Kill the Password: Why a String of Characters Can’t Protect Us Anymore, it makes for really interesting and alarming reading.

The author starts by explaining that he lost all of his digital life last year as his accounts were hacked, an event that lead him into investigating online security and how it is breached.

What he discovered is not for the faint hearted. The linking together of different accounts using an email as username means that any seriously interested party with a little time on their hands and very little money can relatively easily get into a single account, and from there into the others.

His conclusion is that the culture of using passwords for security is outdated, a thing of the past and that anyone who tells you otherwise is either deluded or trying to convince you of something that is not true.

The worst password choices

Worst passwords of 2012

The availability of information is a problem because of the personal question access to resetting your password. Mother’s maiden name, place born etc. are easy things to find out about anybody through ancestry sites or other documents. Once you have somebody’s email address, you try to reset the password using the personal questions through the provider’s website. The answers might be on Facebook, or on their blog, or maybe intuitive, but they are out there.

Then to the customer services rep that you speak to by phone. They are people and can be misled. The article contains a transcription of a conversation between a hacker and one of these people. As the user needs to be able to reset the password they are offered a series of questions that get easier and easier to guess. Names of best friends is possible using Facebook or other social network publications, but if not try favourite food or others, but the example given is name of one of the files in the account. Try Google, Amazon, Personal, one will be right.

So the problem is that the system needs to be flexible and easy enough to use, so we must be able to easily change our passwords, but this makes security impossible.

How can this problem be addressed? Here the trade off is privacy. If the company knows you, through your search histories, places you have been, where you work and what you like to do they might better be able to tell if the password reset-er is you, but you lose any privacy you think you might have.

Voice recognition can be tricked using recordings, biometrics and fingerprints too. Once a system uses these things that cannot be changed or reset the problem is magnified. If I have a fingerprint lifted from a screen I can use it to get anywhere and new fingers are hard to come by these days, so what do you use next?

The article poses these problems from the point of view of somebody who has been hacked, but the author also looks at who these hackers are and even meets a couple. It is big business in certain circles, particularly in the Russian speaking world where organized crime has a large stake and makes a lot of money through stealing identities and all that follows. In other circles they are just “kids” having some fun wreaking havoc.

There are a few simple strategies outlined in this (not short) article that are worth following but none are foolproof, and that is a lesson we could all learn from. Just a word of warning, it contains some harsh language.

On a lighter note happy new year to everyone, and my mum’s maiden name was Windsor (no relation to either Barbara or Elizabeth).