Hi, please

Author Archives: nadine

How can somebody spy on your webcam?

The recent webcam spying scandal at a school in Pennsylvinia has caused worldwide uproar in the news, and proves that paranoiac scenarios are actually not so far stretched. In the era of Skype, ChatRoulette, and the ubiquitous use of security webcameras, this case raises serious questions about privacy and Internet security. As I will combine my introductory post and my question, here first some background information.

The spying scandal at Harriton High School

In mid-February, a high school in Pennsylvania got in the spotlight of the news- and now of the FBI- as it was revealed that school officials were spying on their students by secretly activating the webcameras of school-issued laptops, even when students were at home. The scandal unfolded when the assistant principal summoned a student to her office, and accused him of selling and taking drugs. She based her allegations on photos that were taken by the kid’s webcam showing him eating suspicious substances at home, or what later turned out to be Mike and Ikes candy. Shortly after, the student’s parents have filed a lawsuit against the school. As the scandal become public, various other students reported that they had been perplexed by the bizarre on- and off-going green lights of their laptops. The school denied that it invaded the students privacy, and explained that the software installed on the computers that allowed to remotely access the cameras was a monitoring and security device that allowed to locate laptops in case of theft.YouTube Preview Image

It is not unusual that schools monitor and spy on their students, as an documentary segments called „How Google saved a school“ indicates. However, Harriton school stands out as teachers accessed the webcameras of their students in their private homes, a reason why the FBI is now investigating the case.

The scandal poses general questions about the education system, authority, and where to draw the line between monitoring and spying. What is the legal basis or guideline? But first of all, I’d like to know how this is technologically possible. Considering that most laptops have built-in cameras and have become all purpose devices that we use 24/7, how big is the risk of such kind of surveillance?

How can somebody spy on your webcam?

A simple Twitter search for #spycam quickly leads me to what seems the ultimate information source about the technology behind the Harriton Hight School scandal. A blogger called Stryde Hax , a part-time hacker and consultant for an Internet security company called Intrepidus Group, has investigated the case and discussed it on his blog. Stryde Hax explains that the school installed a remote monitoring product named LANRev on their laptops. Even when computer were connected outside the school networks, the track-and-monitor feature reported back to the administrator, and allowed to activate the camera remotely and take secret pictures. As the remote control was invisible (except the brief moments when the camera lit up), and the victims were unaware about it, this software would qualify as spyware, defined as„a type of malware that is installed on computers and collects little bits information at a time about users without their knowledge.“

The market for spy camera software seems to be tremendous! On Google search, a multitude of companies sell this kind of product. For example, Power Spy 2010 proudly claims that it is „[p]erfect for catching cheaters, monitoring employees, children and spouse and even investigating crimes!“

For reasons to spy on your spouse and other healthy relationship advice, please click on the picture above.

The software allows you to monitor all computer and Internet activities, take screen snapshots like a surveillance camera, record usernames and passwords, but is „completely legal“ according to the company that sells it. However, there are also cheaper ways to turn your webcam into a spying tool, you could simply “use Skype as a covert snooper.“

Legal issues involved

Does this sort of spying violate wiretapping laws? In the case of Harriton High, the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) believe that it constitutes an infringement, and filed an amicus brief in support of the victim. However, the matter is not that obvious. Kevin Bankston, an attorney for EFF, explains why:

“There is no federal statute that criminalizes or creates civil liability for such secret videotaping unless it involves sound, because then it is an intercept of a verbal communication. So no one can plant a bug in your house without violating wiretapping law, but they can still plant a camera without violating federal wiretapping laws.“

A Skype-camera spy-attack would therefore be illegal, but how about soundless spying with Power Spy 2010? For example, is it legal to use this software in an company or could you give your consent to spy? According to the EFF, „private schools or employers can ask you to sign away your right to privacy, but not a government entity like a public school.“ However, there is no juridical precedent, and is up to the court to give further indications. Collecting usernames and passwords without previous consent is certainly a violation of the Forth Amendment. Another troubling factor is that in Harriton High School,  only official (and monitored) computers were allowed, and “jailbreaking a school laptop in order to secure it or monitor it against intrusion was an offense which merited expulsion“ (source: Stryde Hax). How will this case be resolved?

Welcome to hacker culture!

Obviously, another central question is whether somebody can intrude your computer and gain control of your webcam by other means. As I am quite illiterate in technical issues, I turn to the wisdom of the crowd, and search the answer on Google, web forums, and even Yahoo Answer. I found out that all you need is trojan virus which can remotely access your webcam, and that a normal Windows firewall will not stop. Another option is to turn to social engeneering and to get crucial information (in-)voluntarily from the victim rather than breaking into its system. How easy/difficult is this?

Kevin Mitnick, worldwide hacker celebrity and now security consultant

To my surprise, the hacker community is very generous about sharing its tips and tricks: there are plenty of fun tutorials on Google on how to hack into your friends’ computers and spy trough their webcams. In addition, I learn that under the surface of anarchy, there are quite institutionalized platforms and various social norms. There even exists a Hacker Quarterly, and a related biennial hacker conference called HOPE (Hackers On Planet Earth), where the state of the art and future challenges are discussed. More basic, hacking isn’t only about hacking: different subcultures and -groups exist, like white hats (=ethical hackers, specialized in penetration testing), or black hats (=specialized in unauthorized penetration, seek personal profit). Is Stryde Hax therefore a white hat? Has he been a black hat before, like Kevin Mitnick? Who designs these categories? Plenty of questions to follow…

Campaign for avoiding awkward moments in the elevator!

Travelogue 3 – spoiled for choice

Here are my suggestions for the third travelogue…

1) I’d like to dig deeper into the of surveillance tools and digital censorship. I am quite perplexed by a device developed by Cisco called Service Control Engine (isn’t that already an evil name? ) that allows to filter content. It’s no surprise that China is a major client, so one way of addressing the topic would be examining the role of companies in the construction of China’s Golden Shield. However, no need to go to the other side of the globe: could Peer-to-Peer blocking be legalized in the United States? Companies like Comcast have already been accused of deliberatly degrading Peer-to-Peer broadband traffic…This calls for a follow-up!

2) The saga continues! No decision was taken last Thursday at the highly anticipated federal hearing that sought to settle a legal dispute over Google’s plans to digitize millions of books. As the hearings take place in New York, I’d like to cover the case that will certainly write history.

What do you think? Thanks for your feedback!

Ushahidi-Haiti: a revolutionary tool for crisis relief response!

Within hours after the devastating earthquake in Haiti of January 12th, a small group of tech geeks and social activists of Ushahidi had set up an online platform that allowed to gather critical information about the situation and centralize it on an interactive “crisis map.” The site called Ushahidi-Haiti has become an extraordinary communication tool to assist the humanitarian relief efforts on the ground, and address the urgent needs of Haitians in innovative and unprecedented ways.

An SMS or Twitter feed to get help for people in Haiti

Besides monitoring traditional news media, Ushahidi’s relies on unconventional mechanisms to get information: people can submit reports using the Ushahidi’s homepage, Twitter, or email. If they are in Haiti themselves, they can even send a simple SMS indicating their needs free of charge to the local short code 4636.  Hundreds of Creole speaking volunteers, mostly members of the Haitian diaspora, translate and contextualize the messages, and forward them to otherUshahidi volunteers around the world. This second group identifies the exact geo-coordinates of the messages, and locates them on Ushahidi’s map. Then, the data is forwarded to different organizations that provide relief services, like the Red Cross or the United States Coast Guard. At the same time, it is streamed toUshahidi’s database that can be viewed publicly, but in general doesn’t reveal sensitive information like personal telephone numbers.

Ushahidi talks about its service on local radio programs, but most information is spread by word of mouth, calling on the Haitian diaspora. Internet or mobile phones are prerequisite too. In short: you need to be connected to get connected!

Finding GPS coordinates- not an easy task when they are no maps!

Although 35% of the Haitian population have mobile phones, most devices don’t have fancy GPS features. Each incoming messages must therefore be manually located; not an easy task as one volunteer recounts. If the address is unclear, Ushahidi members text back for more information, or communicate with other volunteers in chat rooms or on skype.

Tilman at CrisisCommons!

Tilman in action!

One of the big challenges for Ushahidi and relief organizations working on the ground has been to get precise maps of Haiti, especially of Port-au-Prince. For that reason, Ushahidi and other mind-liked communities like Open Street Map, International Crisis Mappers,  and CrisisCommons, have launched a campaign to map Haiti. Volunteers from around the world work together to create up-to-date maps, using satellite imagery, professional know-how, and and local knowledge of Haiti’s cartography. On a volunteer meeting organized last week byCrisisCommons, I’ve met Tilman, a German journalist and cartographer, who explained me how volunteers improve OpenStreetMap of Haiti. YouTube Preview Image

However, it is very difficult to get accurate information from undocumented areas, like informal settlements. In the future, Ushahidi seeks to work with local communities to create public digital maps of their neighborhoods, following the example of a project in Nairobi, Kenya.

Follow-up mechanisms and verification processes

Obviously, the most important step is to organize help for the disaster-affected population. Ushahidi is not an humanitarian organization that can provide emergency services. Although it has a full time representative in Haiti to establish liaison with relief organizations, and has experienced some success stories, it can’t guarantee follow-up of all the help requests. The primary objective is to make its data available to organizations like the Red Cross, FEMA , or Plan International, that are free to use them according to their needs and interests. One obstacle represents the verification process. Reports only get marked as verified if more than two messages from different sources describe the same incident. At the moment, this is done manually, butUshahidi is working with Swift River to automate the system in the future.

A help request sent to Ushahidi

If there exists only one message, the report has to be verified personally, for example by a phone call. However, this mechanism proves to be very difficult. In my research, I’ve met other activists from CrisisCommons volunteering for the Haiti-Earthquake-Information, a web application that worksindependently but in synergy with Ushahidi, and has established contact with the World Food Program.  I’ve learned that reaching a person that texted for help can be an complicated and frustrating endeavor. Most of the time, a phone number wasn’t working, or we were directed to the voice mail. On other occasions, we could get through, but a child picked up that didn’t understand who we were. The only effective way is to send a contact person directly to the ground to verify an urgent report.

Besides mobilizing concrete actions, it is important to get vital information back to people on the ground. As Internet penetration is very limited in Haiti, and most connections don’t work properly after the earthquake, this is anotherweak point of the project. Though, with the help of FrontlineSMS , Haitians can subscribe to alerts to receive information by text message. This feature most certainly be improved and expanded. Other projects heading into this direction are under-way, like OpenSolace for example.

Crowdsourcing as a novel tool of disaster response

Ushahidi volunteers at the Fletcher School

Ushahidi has launched an unprecedented initiative to address the immediate needs of the earthquakerelief efforts in Haiti. Based on pure volunteer efforts, and without the managerial skills of a large organization, it has achieved to offer a comprehensive picture and almost real-time information of the situation on the ground. An extraordinary accomplishment considering the chaos and the lack of information that characterizes the aftermath of a large disaster! The crisis map can be a very useful tool for relief organizations. However, the platforms faces major obstacles in organizing actual follow-up, and getting information back to report senders. In addition, if favors the digitally and socially connected, as access to technology and links to the Haitian diaspora are indispensable. It will be interesting to observe how Ushahidi -Haiti will evolve in the future, and if it will achieve to transform itself into a sustainable platform for development efforts.

But first and foremost, I  am amazed how complete strangers and such diverse actors have come together to collaborate effectively, and get the platform going. It proves how powerful crowdsourcing can be; the outcome has been stupendous, and certainly beyond any imagination! Ushahidi has changed the face of disaster response for the future.

Relief by SMS? A first assessment

YouTube Preview Image You can better read the text if you enlarge the image.

PS: Here you can get a free 15 days trail of  Snapz Shot, a software that allows you to film your screen.

How can an SMS get help for a trapped person in Haiti?

Shorty after the earthquake, Ushahidi launched a new online mapping platform to assist the humanitarian relief efforts in Haiti. The idea sounds simple: people can send a text message to an indicated short number to communicate their needs and request help. But how does this system work? Even in New York, it wouldn’t be easy to set a rescue operation in motion by a simple SMS. Effective coordination between the different emergency services, like the ambulance association and the police and fire departments, requires excellent information exchange. However, communication often collapses in the wake of natural disasters, creating situations characterized by chaos and lack of information. How do people get in touch with each other? And how do they know which number to call?

In my next travel-blog, I will explore the complex interaction chain between the people that text for help and the diverse Ushahidi volunteers- either those based in New York or Port-au-Prince. Who is involved? How does the communication system work? In addition, I will analyze how the received information is verified and how actions are coordinated with the relief agencies. What happens if no geographic coordinates are available, or if the place in question is a slum where there are no official maps? When even experienced international humanitarian agencies face major difficulties in organizing effectively help, how does Ushahidi manage?

Speake out- and map it!

I am fascinated by the possibilities of interactive mapping for social activism. The most enthralling example I’ve found is Ushahidi, an Internet platform created by Kenyan bloggers during the post-election violence in Kenya in 2008. Ushahidi offered the possibility to report human rights violations and other incidents via test-messaging, email and Twitter to the website, that then were mapped onto Google Earth with a timeline of the events, creating a  global picture of the Kenyan crisis. Since then, the experience of Ushahidi has been replicated in other parts of the world, like South Africa, DR Congo, and most recently in Haiti, where people can report emergencies and missing persons. The software was even applied to track the swine flue or wildlife in Kenya. It is a great combination of citizen journalism, and digital social activism.
First of all, I’d like to understand better the mechanisms of Ushahidi, the way it is linked to other softwares like FrontlineSMS, and explore how it can be used for other causes. Do you know similar projects? I’ve found several examples of activist mapping, like Acces Denied (map of Global Voices that monitors government censorship of the Internet,) or Crime Reports (local crime information and maps,) but none of them is based on user-generated content!
I’ve also got various concerns: How is the information checked? What about the spread of false information? And what about the security/identity of the informer?

Smile (or Not)- You Are Being Watched!

Do you think that you are an anonymous nobody, or do you secretly elaborate strategies to finally become famous and divert public attention on you? You are wrong! In fact, let me tell you that you are already all over the place! Especially since you have become a NYU student. There is no need to participate in Big Brother or other television reality shows; a slow stroll from Washington Square to the sports center is enough. My latest experiment will prove you why. Unfortunately (or fortunately for you), my project „Zero Camera“ has desperately failed.

Adam Curtis’ documentary has addressed a fundamental question I was asking myself for the last few weeks. What price has freedom? If we want to preserve and protect our so-called free and open society, is it inevitable that we will have to give up large parts of our privacy and personal rights? The failed terrorist bombing of the Northwest airplane on Christmas day has once again shown how vulnerable our society is. More important, it has made clear that fear has become the governing rationale of our living-together. I am shocked with was ease and speed civil liberties are revalued and curtailed in the name of national security. Although the efficiency and legitimacy of the draconian security measures adopted after the 9/11 events have been questioned by the public in the last few years, after Christmas, invasive „preventive“ actions have been taken without a blink. Full-body scanners will soon be installed in every airport. For now, this new measure still provokes outcry and is heatedly discussed, but within little time it will be largely accepted – as it occurred with the security/surveillance cameras systems in the past.

To make it clear, I don’t want to blame terrorism as the sole reason for this situation. In the last decades, there has been a unbreakable trend towards the „securization“ of our society. Private security companies have mushroomed everywhere on the globe, especially in industrialized countries, and became an integral part of our daily life. Today, it is completely normal- and even regarded as necessary- that surveillance cameras accompany us 24/7. But how true is this statement? Are video cameras really ubiquitous, at least in the cities? I asked myself when I was filmed in my daily life. Sure, I knew that banks and stores use video cameras, and in the subway I also had spotted several models. But around the university campus, it couldn’t be so bad, could it? Walking on University Place, I started to direct my look into the air, and suddenly realized that I was walking on a red carpet. On only eight blocks, I discovered ten cameras!

That is when I wanted to make an experiment. Could I get from Bobst Library to the Sports Center Palladium without being taped? With the help of i-See , a web-based application elaborated by the Institute for Applied Technology, I calculated my „Zero Camera“ route to trick the system, and find a way for not being taped on my way. The plan seemed simple: after some detours and small side-streets, I would arrive at my final destination on 14th street without being videotaped. With the city map in my hand, I left the library full excitement.

Half a bloc later, my first deception. Kimmel Center. Four cameras on one corner! Even worse, a quick inquiry with the security guard revealed that the building has approximately ten outdoor cameras. On Thompson street, the situation was similar. Clearly, i-See needed a huge update! Therefore, I changed my plan again, and decided to count all cameras on my „Zero Camera“ route. About twenty minutes later, and a nice walk in the East Village (by the way, the church at 10th street with 2nd Ave has a very nice garden!), the result was stunning: I discovered over 25 cameras. On practically every segment of my route my un-trained eye had found video cameras. The real number must be much higher, as a lot of cameras are hidden as lamps, and aren’t easy to detect.

According to a report published in 2006 by the New York Civil Liberties Union (NYCLU) called “Who’s Watching? Video Camera Surveillance in New York City and the Need for Public Oversight,” the number of video sur-veillance cameras has skyrocketed in the last ten years. Whereas in 1998, over 2300 cameras were „visible from street level in Manhattan,“ in 2005 almost the same amount was counted in the area of Greenwich Village and SoHo only. Five years later, the current statistics must be even higher.

Of course, the purpose of video camera systems isn’t to turn common citizen into non-stop filmed celebrities. The proponents of video surveillance systems claim that the use of cameras deters crime, and enhances public safety. On the other hand, critics denounce that this technology undermines fundamental civil rights like the right to privacy, speech, expression and association. For example, the NYCLU has reported abuses of police monitoring powers in this regard, and raised awareness about the discriminating practice of racial profiling. The New York based performance collective called Surveillance Camera Players also protests against public video cameras, and makes a direct parallel to George Orwell’s surveillance society depicted in 1984.

The question is if these measures are effective and make us safer. But more important: Are the invasion of our privacy and the detriment of our personal rights the price of security? Do we have to be unfree in order to be free? In the end, it is a choice about what society we want. In my opinion, we are heading in the complete wrong direction.