In the wake of the horrific terror attacks in Paris this month, people are coming out of the woodwork demanding to know how these attacks weren’t stopped ahead of time. There is no shortage of finger pointing and Monday morning quarterbacking going on. The sub-headline of a Wall Street Journal article reads:
“Paris attacks raise possibility that extremists have found ways around western surveillance”
Not to sound flippant, but ‘ya think?’
No matter how sophisticated surveillance techniques get, there will always be ways around them. As technology progresses for both surveillance and evasion and the users become more adept, ordinary citizens become trapped in the middle, either as victims of terror or of government agencies potentially overstepping and invading privacy. In this post I will outline some current and near-future surveillance technologies and how criminals and terrorists can get around them.
Cell Phone Tracking
If you’ve watched any spy movie lately, it likely involved someone either being tracked or tracking someone else by monitoring the cell towers that person’s cell phone used. That ability has been used by law enforcement almost since cell phones have been around. Also in practice is something called a stingray tracking device. Via this technology, law enforcement can emulate a cell tower so a suspect’s device connects to it rather than the actual tower, enabling all sorts of snooping, including triangulation on the exact location of the cell phone being tracked. If a particular phone can be accessed code/an app installed, then remote eavesdropping and tracking are trivial exercises.
How it can be beaten: You’ve probably heard of burner phones and replacing sim cards. By periodically changing a cell phone, it is difficult to track and individual.
It should be no surprise to anyone that anything you type into a chat room, send via email, or save on any networked device, can be accessed by law enforcement. At the same time, the IP address of a user can be logged and narrow down a search area to a fairly confined space. Currently, online chat and other communication services are being utilized by criminals and terrorists to try and stay off the grid. Some can be monitored and tracked easily, some cannot. The same Wall Street Journal article mentioned above references Islamic State tutorials that list Safest, Safe, Moderately Safe and Unsafe chat apps to use.
How it can be beaten: Use of such things as virtual private networks can mask a user’s IP address. Peer to peer communication applications abound and their use can be encrypted.
Malware and computer viruses are not just the tools of hackers and criminals. If a terrorist or criminal can be duped into exposing his or her computer to one then every keystroke, every action, audio and video can be captured and transmitted. Governments are already using this tool extensively. China used it to spy on the Dalai Lama. North Korea almost brought down Sony. The US and Israel dropped worms onto Iranian computers. The list goes on.
How it can be beaten: This can be tough. The Russian Red October virus ran rampant for 5 years before it was discovered. Only a complete wipe of the computer and reinstalling an operating system from scratch is a sure way to be virus free.
Automated License Plate Recognition (ALPR)
Already in use by as much as 71% of law enforcement agencies in the United States, ALPR is used for everything from catching toll jumpers to nabbing people with unpaid parking tickets. More recently, as data capabilities have grown, readers on police vehicles have begun capturing and cataloging movements of every car they encounter, allowing law enforcement to use advanced algorithms to track movement of potential criminals. In the fight on terror, this could be useful for such things as identifying potential visitors to known terrorist locations or tracking a known terrorist vehicle to potential attack sites.
How it can be beaten: Carry additional sets of magnetic plates and periodically change them.
Facial Recognition (FR)
The first time the concept of facial recognition hit the mainstream was in the movie Minority Report. At the time it was both intriguing and somewhat scary. Currently FR is used in a variety of things such as verifying passport holders (in New Zealand), to mugshot databases, to logging into a mobile phone. Real time usage has only recently begun to surface, incorporating such things as infrared detection to work in darkness. Current capabilities are not well advertised. Obviously this could be very useful in tracking terror suspects. Every time a terrorist would be near a networked camera, he or she would be in danger of exposure. In Great Britain, it is estimated there are nearly six million CCTV cameras. Imagine if powerful computers with facial recognition software were paired with them. Maybe the pairing has already happened.
How it can be beaten: Where possible, cover your face, or hire a Hollywood makeup artist.
Like facial recognition digitally categorizes features of a person’s face, voice recognition does for their voice. By uniquely defining an individual’s speech patterns and vocal attributes, that person can potentially be tracked every time he or she talks on a phone or near any networked microphone. As the case with Snowden pointed out, most people get a little perturbed when they find out every conversation they have on a phone is being recorded. One potential way around that is using voice recognition at the beginning of a call to identify whether one of the callers is a criminal or terrorist. If so, record the call. If not, don’t.
How it can be beaten: Use a voice altering device when speaking into a microphone of any kind.
So now we start to get a little more futuristic. GPS trackers have fallen dramatically in size over the last few years – the smallest commercially available is less than an inch square and a couple of millimeters thick. As the form factor continues to shrink, planting them on known terrorists becomes more realistic. And trackers don’t only need to be GPS in nature. Even using a material or, in the future, nano-electronics, that can be picked up by specific detectors can allow surveillance personnel to simply dust an area or item with microscopic particles or devices, and when a terrorist is exposed, they cling to him so he can be detected later.
How it can be beaten: Get a detector to see when you’re contaminated, or just take a shower.
Some of the methods listed above may sound scary to people with privacy concerns. Even as potent as they may be, there are ways to thwart them. What each does, however, is add friction to the efforts to stay in the shadows. More friction slows things down, making it more difficult to keep from being detected.
The question that we all must answer for ourselves is: Is this friction worth the loss of privacy?