Driving Under Surveillance:  Your Car’s Silent Betrayal 

Previously, we discussed the fact that your mobile phone vendors are providing your location information (and more) to data brokers who, in turn, sell that information to advertisers. I have some alarming news for you: that is not the only way that you are being surveilled by today’s technology. Basically, if your device has a connection to the internet, there’s probably a way to spy on you, whether that device is a phone, tablet, baby monitor, or your car.

In the United States, your privacy is NOT protected. There is no settled law on what is or is not allowed to be collected from you electronically. Although law enforcement cannot collect the information without a warrant, they can purchase the information that is in the public domain. Almost all End User License Agreements (EULAs) that you must accept before using your digital applications (like a browser) have a stipulation that you allow them to collect and even sell your data. This is all legal and very lucrative in the U.S.

Unlike the U.S., the European Union (EU) has a law that protects the privacy of its citizens, called the General Data Protection Regulation (GDPR). This law dictates that personal data should be stored only as long as necessary, with safe and secure processing. Two of the key rights included in the GDPR are: 1. The right to know what data is being collected and how it is used. 2. The right to have your data deleted from the databases.

Previously we discussed how the applications on your devices gather your data and sell that to data brokers who sell advertisements. Do you realize that your car may be gathering data about you? In a typical new car these days, data can be gathered from your navigation system, Bluetooth, the Tire Pressure Monitoring System, cameras, and your infotainment system. Anyone can put a radio receiver at travel choke points and follow specific cars as they travel around. 

Did you know that car companies, like Kia, Nissan, GM, and many more, glean personal information about drivers after they pair their smartphones with a vehicle’s connected services? They can take that information and sell it to vendors and insurance companies. You don’t have to sign up to be tracked by GPS by your insurance company for them to know your driving habits. Just last week someone relayed a story about their friend whose insurance company cancelled his insurance through data the insurance company bought from the vendor. The company claimed that the driver accelerated too fast and braked too hard for them to continue to insure him. They do not need to ask you how you drive; the insurance companies already know.

LexisNexis Risk Solutions and Verisk are consumer reporting agencies that use driver data to create a risk score that they share with insurance companies. A report can show a driver’s individual journeys, including information like trip durations, distances, and instances of speeding or abrupt driving maneuvers. If you have OnStar in your car, you likely consented to sharing this data when you bought the car, perhaps without realizing it. There are multiple class action lawsuits against GM, OnStar and LexisNexis ongoing at the time of this writing, claiming that drivers’ data was collected and used against them without their consent.

If you are curious to see what data is being collected by LexisNexis, you can go to their website and request a report at https://consumer.risk.lexisnexis.com/request. Automakers all have similar request forms. Some states (not Arizona) have laws allowing consumers to opt out of having their information sold to third parties.

This is just the tip of the iceberg with respect to how you are being tracked on the internet. We can cover more in later articles. If you would like your data protected similar to what the EU does with the GDPR for their citizens, contact your state and federal representatives. 

MK-Ultra and the Patriot Act: A Privacy Dilemma

MK-ULTRA. It was a “classified covert mind-control and chemical interrogation research program, run by the Office of Scientific Intelligence”. It began in the early 1950s. The Central Intelligence Agency (CIA) insists it has been shut down. But a 14-year veteran of the CIA, Victor Marchetti, has stated in many interviews that the claim is a “cover story.” The program is likely still in operation.

From the CIA’s own website we read that the CIA is “prepared to accomplish what others cannot accomplish and go where others cannot go” and that they are “the Nation’s eyes, ears, and sometimes, its hidden hand”.

Since they are the self-declared extra-legal arm of the US government, and from their history the extra-ethical arm of the country, we may deduce there are many activities conducted by the Agency we simply cannot see. Yet.

In a redacted Memorandum for the Record dated June 9, 1953, Director Gottlieb penned these words about MK-ULTRA: “The estimated budget of the project at XXXXXX is $39,500.00. The XXXXXX will serve as a cut-out and cover for this project and will furnish the above funds to the XXXXX as a philanthropic grant for medical research. A service charge of $790.00 (2% of the estimated budget) is to be paid to the XXXXXX for this service.”

The direct quotations printed above are from the CIA Freedom of Information Act (FOIA) page on their website. Therefore, I’m not making any unsubstantiated claims. I’m just the messenger for their own message. From this point forward I will be making wild unsubstantiated claims and speculate like an unrestrained adolescent.

MK-ULTRA isn’t the only CIA program to use US citizens for experimentation. It’s just the one we used for this article. But since smoke indicates fire, maybe we should feel free to speculate. Which leads me to the technical portion of this article.

Most people treat the details of their personal life on the World Wide Web very carelessly. People who (in person) are very guarded and suspicious, disclose the most sensitive information about themselves on Facebook, or in an email. Which, by the way, are both unencrypted and easily accessible by anyone.

Most people use Gmail and Google Docs – the free one. They are under the mistaken impression that since they have it protected with a password, only they have access to it. They forget that Google also has access to it. And through the PATRIOT Act, so does any arm of the Federal Government, or law enforcement, even without a warrant. The Big Tech companies like Google, Microsoft, Apple et al. provide wonderful free cloud-based services like email, word processors, spreadsheets, etc. We fail to understand the scope of the reach tech companies have into our lives.

You may think, “but I am a law-abiding citizen. I have nothing to worry about.” The truth is, you are only partially correct. In his blog, Moxie Marlinspike, the creator of the encryption tool Signal, said the following, “Imagine if there were an alternate dystopian reality where law enforcement was 100 percent effective, such that any potential offenders knew they would be immediately identified, apprehended, and jailed.” Our entire culture has evolved when a critical mass of citizens pushed back against laws we collectively decided were outdated or just plain wrong. That couldn’t have happened in a world where even a whiff of social disobedience is detectable.

This may sound a little like the movie “Minority Report”. If law enforcement could peer into the digital lives of us all, would they possibly use artificial intelligence to prognosticate whether someone was contemplating a crime? Would there be a law to punish such a person? Furthermore, have you ever made a comment that might be construed as terrorist leaning? I bet you have but you didn’t know.

Truth be told, maybe we all have lives that we should have the power to keep private. Even from the CIA.

This article was originally published here.

Is the world headed towards Central Bank Digital Currency? 

The Bank for International Settlements (BIS) is the governing body for most of the world’s Central Banks, including the United States Federal Reserve Bank. The BIS plays a pivotal role in the global financial system and has been actively involved in discussions and research regarding Central Bank Digital Currencies (CBDCs). One of the potential applications of CBDCs, as highlighted by the BIS and other financial authorities, is to enhance the monitoring and regulation of financial transactions to combat illicit activities such as money laundering, terrorism financing, and tax evasion. Here’s how CBDCs could facilitate this:

Digital Traceability: CBDCs inherently possess a digital footprint, allowing transactions to be recorded on a blockchain ledger (think of it like an accountant’s ledger book), which could be either centralized or distributed. This digital traceability means that unlike cash transactions, which are anonymous and untraceable, CBDC transactions can be monitored and audited by the issuing central bank and other regulatory authorities. This makes it more challenging for individuals or entities to engage in illicit financial activities. 

Enhanced Regulatory Oversight: With CBDCs, central banks and financial regulatory bodies could have real-time or near-real-time access to transaction data. This capability would significantly enhance regulatory oversight, making it easier to identify suspicious transactions as they occur and take swift action. Advanced analytics and AI algorithms could be employed to detect patterns indicative of money laundering or other forms of financial crime. 

Implementation of Compliance Checks: CBDC platforms can be designed to automatically enforce regulatory compliance. For instance, transactions exceeding certain thresholds can be programmed to require additional verification before they are processed. Similarly, transactions involving entities on watchlists or sanctions lists can be automatically flagged or blocked, ensuring compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. 

Reduction in Anonymity: While the reduction in anonymity might raise privacy concerns, from a regulatory perspective, it limits the ability of criminals to operate undetected within the financial system. CBDCs can be designed to strike a balance between privacy and transparency, ensuring that while individual privacy is respected, there is enough transparency to deter and detect illicit activities. 

Global Cooperation and Cross-Border Payments: CBDCs can also facilitate improved cooperation between countries on financial oversight. With CBDCs, cross-border payments can become more transparent and faster, reducing the time window that criminals have to move illicit funds across jurisdictions. Enhanced data sharing and cooperation between central banks and international regulatory bodies could further strengthen global efforts to combat financial crime.

It’s important to note that while CBDCs offer these potential benefits for combating illicit financial activities, the implementation of such systems must carefully consider privacy rights and data protection laws. The challenge lies in designing a CBDC system that maximizes the effectiveness of regulatory oversight and crime prevention without infringing on individual privacy and freedoms. 

On October 19, 2020, the BIS General Manager, Agustin Carstens, called for “a unified programmable ledger in a public-private partnership”. He was talking about CBDC. Think of it as Bitcoin (blockchain) but without the privacy blockchain currencies afford. Mr. Carstens further stated, “for example, we don’t know who’s using a $100 bill today, we don’t know who is using a 1000 peso bill today. A key difference with the CBDC is that the central bank will have absolute control on the rules and regulations that will determine the use of that expression of central bank liability and also we will have the technology to enforce that.”  

So, in essence, Mr. Carstens is talking about a bank account with digital money which can be programmed for specific use. For example, the entity which controls the digital $100 in a given bank account could put an expiration date on the money thus ensuring it will be spent by a specific date. Or it could be programmed so it can only be spent on food, or rent, or gasoline. This programmability is only limited by the imagination of the controlling entity. 

Whether this is a good thing or not is conjecture. Either the BIS will restrict itself to a reasonable amount of control over every digital dollar and allow citizens of each nation to continue private individual control of their own private earnings or they won’t. 

The original article from the Sierra Vista Herald can be found here.

Cybersecurity Risks in Achieving UN SDG 16.9 with Blockchain Technology

The United Nations (UN) Sustainable Development Goal (SDG) 16.9 aims to provide legal identity for all, including birth registration, by 2030. This ambitious target underscores the critical importance of identity in accessing a wide array of services and rights, from voting to healthcare. As we harness technology to realize this goal, blockchain emerges as a promising solution (1) for its ability to offer secure, decentralized, and tamper-proof ledgers. However, the integration of personally identifiable information (PII), personal health information (PHI), and other significant life events into a blockchain ledger brings to the forefront significant cyber risks that must be addressed.

Blockchain technology offers a revolutionary approach to managing digital identities, ensuring that every individual on the planet has a unique, unfalsifiable, and secure identity. By leveraging blockchain, we can create a system where all forms of PII and PHI are securely encrypted and stored, making them accessible only to authorized individuals and entities. This could dramatically reduce identity theft, fraud, and unauthorized access to personal information.

First, using blockchain to manage sensitive data introduces complex cybersecurity challenges. While blockchain itself is highly secure due to its decentralized nature and cryptographic hash functions, the endpoints interacting with the blockchain, such as user devices and applications, remain vulnerable to hacking, phishing, and other forms of cyber-attacks. This vulnerability could lead to unauthorized access to the blockchain ledger, risking the exposure of sensitive personal information.

Second and maybe more importantly, blockchain data is permanent. It therefore presents a double-edged sword. Using blockchain to record EVERY event in your life ensures that once an event is recorded, it cannot be altered or deleted. This means it is an immutable history of an individual’s life events. This immutability raises concerns regarding the right to be forgotten. One may accurately suspect every individual has made choices they’d rather forget. This is not feasible with a blockchain-based digital ID. In Europe, the right to be forgotten is enshrined in data protection regulations like the General Data Protection Regulation (GDPR). Modifying or deleting personal data from a blockchain, once entered, is inherently difficult, if not impossible. This poses significant privacy concerns.
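Why erasure is so hard on a hash-linked ledger can be shown in a few lines. The following is an added example, not code from the original article or from any identity project: a simplified chain with no consensus or signatures, where all function names are hypothetical and the life-event records are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(index, prev_hash, record):
    """Hash a block's contents together with the hash of the block before it."""
    payload = json.dumps({"index": index, "prev": prev_hash, "record": record},
                         sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for i, rec in enumerate(records):
        h = block_hash(i, prev, rec)
        chain.append({"index": i, "prev": prev, "record": rec, "hash": h})
        prev = h
    return chain

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS
    for b in chain:
        recomputed = block_hash(b["index"], b["prev"], b["record"])
        if b["prev"] != prev or b["hash"] != recomputed:
            return b["index"]
        prev = b["hash"]
    return None

def erase_record(chain, index):
    """Naive erasure: blank one record in place, as a database UPDATE would."""
    redacted = [dict(b) for b in chain]
    redacted[index]["record"] = {"redacted": True}
    return redacted

def erase_and_rehash(chain, index):
    """Erasure that stays self-consistent: every later block must be rewritten."""
    records = [b["record"] for b in chain]
    records[index] = {"redacted": True}
    return build_chain(records)

def blocks_changed(old, new):
    """Indices whose hash differs between two copies of the ledger."""
    return [o["index"] for o, n in zip(old, new) if o["hash"] != n["hash"]]

# Constructed sample life events for one fictional person.
SAMPLE_EVENTS = [
    {"event": "birth_registration", "year": 1990},
    {"event": "medical_diagnosis", "year": 2008},
    {"event": "address_change", "year": 2015},
    {"event": "marriage", "year": 2019},
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    print("naive erasure breaks block:", first_invalid_block(erase_record(chain, 1)))
    print("rehash changes blocks:", blocks_changed(chain, erase_and_rehash(chain, 1)))
```

Blanking one record in place is caught by any verifier, and making the erasure verify again changes the hash of every later block, so each participant holding the original chain sees a different ledger.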

The concentration of vast amounts of PII and PHI in a single ledger, even if decentralized, creates a highly attractive target for cybercriminals. A breach could have far-reaching implications, potentially exposing the intimate details of individuals’ lives. While blockchain technology can significantly contribute to achieving SDG 16.9, ensuring the cybersecurity of such a system is paramount. And not to get overly controversial, errant governments could use the information in your personal life ledger to restrict access to important assets like your bank, or your job. This is already happening in China.

To mitigate these risks, a multifaceted approach is necessary. First, enhancing the security of endpoints through regular updates, robust encryption, and user education on cybersecurity practices is crucial. Second, implementing dynamic consent mechanisms where individuals have control over who accesses their information and for what purpose can help address privacy concerns. Additionally, exploring technological solutions, such as zero-knowledge proofs, can allow for the verification of information without revealing the information itself, further safeguarding privacy.

International cooperation and the development of global standards for blockchain security in the context of digital identities are essential. This would ensure a unified approach to tackling cyber risks, fostering trust in blockchain-based identity systems.

While blockchain presents a promising though possibly troubling pathway towards achieving UN SDG 16.9, it is imperative to navigate the associated cyber risks with a strategic, multifaceted approach. In this way, we can cautiously use blockchain technology to provide secure and immutable digital identities for all (if a person chooses to participate, but that’s another argument for another article), thereby unlocking access to essential services. One could even speculate that tying essential life services to a digital ID might do more harm than good.

Original article can be found here.

(1) https://unite.un.org/sites/unite.un.org/files/emerging-tech-series-blockchain.pdf