TfL deploys privacy-busting voyeurcam

The US Immigration and Customs Enforcement (ICE) agency has spent about $2.8 billion over the past 14 years on a massive surveillance "dragnet" that uses big data and facial-recognition technology to secretly spy on most Americans, according to a report from Georgetown Law's Center on Privacy and Technology.

The research took two years and included "hundreds" of Freedom of Information Act requests, along with reviews of ICE's contracting and procurement records. It details how ICE surveillance spending jumped from about $71 million annually in 2008 to about $388 million per year as of 2021. The network it has purchased with this $2.8 billion means that "ICE now operates as a domestic surveillance agency" and its methods cross "legal and ethical lines," the report concludes.

ICE did not respond to The Register's request for comment.

Comment Many information security practices use surveillance of users' activities. Logging, monitoring, observability – call it what you will, we have built a digital panopticon for our colleagues at work, and it's time to rethink this approach.

The flaws of surveillance-based infosec are already appreciated. The European Court of Justice (ECJ) recently found that mass surveillance of the population was an unjustified intrusion into privacy, even when the goal is to combat serious crime. Why, then, do we consider it reasonable to implement invasive surveillance to address the flawed computer systems we choose to use?

Does watching staff 24x7 really make things more secure?

In brief San Francisco police have been using driverless cars for surveillance to assist in law enforcement investigations.

According to an SFPD training document obtained by Motherboard [PDF]: "Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads."

It indicates that police officers will receive additional information about how to access this evidence, and added: "Investigations have already done this several times."

Google has made changes to its Play Store policies, effectively banning third-party call-recording apps beginning May 11, claiming it seeks to close alternative use accessibility APIs for things other than accessibility.

Google has for a while blocked real call recording on Android 6 and over the microphone on Android 10. Developers have been using accessibility APIs as a workaround to enable the recording of calls on Android.

Accessibility Service APIs are tools that offer additional services that can help those with disabilities overcome challenges. Using these services against their designed intentions, i.e. to achieve a goal not geared at overcoming disabilities, remains the only way for third-party apps to record calls.

A privacy rights org this week lost an appeal [PDF] in a case about the sharing of Bulk Personal Datasets (BPDs) of UK residents by MI5, MI6, and GCHQ with foreign intelligence agencies.

The British agencies have never stated, in public, whether any of them have shared BPDs with foreign intelligence agencies – they have a so-called "neither confirm nor deny" (NCND) policy – but the judgment noted it "proceeds on the assumption that sharing has taken place."

The true position, as noted by Queen's Bench Division president Dame Victoria Sharp in the judgement, was revealed to the defendant in its closed hearings.

Cambodia's Ministry of Foreign Affairs and International Cooperation has issued a clarification about the role of the "National Internet Gateway" that will commence operations tomorrow, stating that descriptions of it as an instrument of pervasive surveillance are "unfounded."

As reported yesterday in The Register, human rights organisations, big tech, and academics believe the Gateway is all about surveillance, in the service of suppressing political opposition, and perhaps with some crony capitalism thrown in for good measure.

However, a Ministry spokesperson insists the Gateway is actually an instrument to "strengthen national security and tax collection as well as to maintain social order and protect national culture."

Cambodia’s National Internet Gateway comes online this Wednesday, exposing all traffic within the country to pervasive government surveillance.

As The Register reported when the Gateway was announced in January 2021, Cambodia's regime will require all internet service providers and carriers to route their traffic through the Gateway. Revocation of operating licences or frozen bank accounts are among penalties for non-compliance.

All incoming traffic to Cambodia will also be required to pass through the Gateway and be subject to censorship.

Former foreign secretary Dominic Raab rebuked GCHQ for secretly halting internal compliance audits that ensured the spy agency was obeying the law, a government report has revealed – while just 0.06 per cent of spying requests made by Britain's public sector were refused by its supposed overseer.

GCHQ's unilateral decision to stop recording audit data was because of the COVID-19 pandemic, it insisted when inspectors from the Investigatory Powers Commissioner's Office (IPCO) discovered it three months later in July 2020.

"One of the measures which had been temporarily suspended concerned the internal audit of necessity and proportionality justifications written by analysts to justify their selection for examination of bulk data," said IPCO in its 2020 annual report, published last week.

Eighteen US Democratic lawmakers have asked the Treasury Department and State Department to punish Israel-based spyware maker NSO Group and three other surveillance software firms for enabling human rights abuses.

In a letter [PDF] signed by US Senator Ron Wyden (D-OR), House Intelligence Committee Chairman Adam Schiff (D-CA), and 16 others, the legislators urge Secretary of the Treasury Janet Yellen and Secretary of State Antony Blinken to apply sanctions to the NSO Group, UAE-based DarkMatter Group, and EU-based Nexa Technologies and Trovicor, under the Global Magnitsky Act.

The Global Magnitsky Human Rights Accountability Act was signed into law in late 2016 as part of the F17 Defense Authorization Act. It expands upon the 2012 Sergei Magnitsky Rule of Law Accountability Act of 2012 which was drafted specifically to punish Russian officials for the 2009 death of Sergei Magnitsky, a Russian tax lawyer who perished in a Moscow prison after investigating government fraud.

A company repeatedly endorsed by ministers backing the UK's Online Safety Bill was warned by its lawyers that its technology could breach the Investigatory Powers Act's ban on unlawful interception of communications, The Register can reveal.

SafeToNet, a content-scanning startup whose product is aimed at parents and uses AI to monitor messages sent to and from children's online accounts, had to change its product after being warned that a feature developed for the government-approved app would break the law.

SafeToNet was hailed this week by senior politicians as an example of "new tech in the fight against online child abuse," having previously featured in announcements from the Department for Digital, Culture, Media and Sport over the past 12 months.