Tag Archives: spying

Tesla as Catfish: When China Carps-Tech CEOs Fall in Line

Many countries are wrestling with how to regulate digital records. Some economies, including in Europe, emphasize the need for data privacy, while others, such as China and Russia, put greater focus on government control. The U.S. currently doesn’t have a single federal-level law on data protection or security; instead, the Federal Trade Commission is broadly empowered to protect consumers from unfair or deceptive data practices.

Behind China’s moves is a growing sense among leaders that data accumulated by the private sector should in essence be considered a national asset, which can be tapped or restricted according to the state’s needs, according to the people involved in policy-making. Those needs include managing financial risks, tracking virus outbreaks, supporting state economic priorities or conducting surveillance of criminals and political opponents. Officials also worry companies could share data with foreign business partners, undermining national security.


Beijing’s latest economic blueprint for the next five years, released in March 2021, emphasized the need to strengthen government sway over private firms’ data—the first time a five-year plan has done so. A key element of Beijing’s push is a pair of laws, one passed in June 2021, the Data Security Law,  and the other a proposal updated by China’s legislature in Apr0il 2021. Together, they will subject almost all data-related activities to government oversight, including their collection, storage, use and transmission. The legislation builds on the 2017 Cybersecurity Law that started tightening control of data flows.

The law will “clearly implement a more stringent management system for data related to national security, the lifeline of the national economy, people’s livelihood and major public interests,” said a spokesman for the National People’s Congress, the legislature. The proposed Personal Information Protection Law, modeled on the European Union’s data-protection regulation, seeks to limit the types of data that private-sector firms can collect. Unlike the EU rules, the Chinese version lacks restrictions on government entities when it comes to gathering information on people’s call logs, contact lists, location and other data.

In late May 2021, citing concerns over user privacy, the Cyberspace Administration of China singled out 105 apps—including ByteDance’s video-sharing service Douyin and Microsoft Corp.’s Bing search engine and LinkedIn service—for excessively collecting and illegally accessing users’ personal information. The government gave the companies named 15 days to fix the problems or face legal consequences….

Beijing’s pressure on foreign firms to fall in line picked up with the 2017 Cybersecurity Law, which included a provision calling for companies to store their data on Chinese soil. That requirement, at least initially, was largely limited to companies deemed “critical infrastructure providers,” a loosely defined category that has included foreign banks and tech firms….Since 2021, Chinese regulators have formally made the data-localization requirement a prerequisite for foreign financial institutions trying to get a foothold in China. Citigroup Inc. and BlackRock Inc. are among the U.S. firms that have so far agreed to the rule and won licenses to start wholly-owned businesses in China…

Senior officials have publicly likened Tesla to a “catfish” rather than a “shark,” saying the company could uplift the auto sector the way working with Apple and Motorola Mobility LLC helped elevate China’s smartphone and telecommunications industries. To ensure Tesla doesn’t become a security risk, China’s Cyberspace Administration recently issued a draft rule that would forbid electric-car makers from transferring outside China any information collected from users on China’s roads and highways. It also restricted the use of Tesla cars by military personnel and staff of some state-owned companies amid concerns that the vehicles’ cameras could send information about government facilities to the U.S. In late May 2021, Tesla confirmed it had set up a data center in China and would domestically store data from cars it sold in the country. It said it joined other Chinese companies, including Alibaba and Baidu Inc., in the discussion of the draft rules arranged by the CyberSecurity Association of China, which reports to the Cyberspace Administration…

Increasingly, China’s president, Mr. Xi, leaned toward voices advocating greater digital control. He now labels big data as another essential element of China’s economy, on par with land, labor and capital.  “From the point of view of the state, anti-data monopoly must be strengthened,” said Li Lihui, a former president of state-owned Bank of China Ltd. and now a member of China’s legislature. He said he expects China to establish a “centralized and unified public database” to underpin its digital economy.

Excerpts from China’s New Power Play: More Control of Tech Companies’ Troves of Data, WSJ, June 12, 2021

Breath and Sweat: the Biometrics of All Private Things

It is not just DNA that people scatter to the wind as they go about their business. They shed a whole range of other chemicals as well, in their breath, their urine, their faeces and their sweat. Collectively, these molecules are referred to as metabolites….

The most common way of analysing metabolite content is gas chromatography-mass spectrometry. This technique sorts molecules by their weight, producing a pattern of peaks that correspond to different substances….There are, however, a lot of information sources out there, in the form of publicly available metabolite databases. The databases themselves are getting better, too…. A study just published by Feliciano Priego-Capote at University of Cordoba, in Spain, for example, shows it is possible to extract much meaningful information from even a dried-up drop of sweat. “The day is coming soon”, observes Cecil Lewis, a molecular anthropologist at University of Oklahoma, who is studying the matter, “when it will be possible to swab a person’s desk, steering wheel or phone and determine a wide range of incredibly private things about them….


The police may be tempted to push the boundaries as well. The fourth amendment to America’s constitution protects against unwarranted searches and seizure of evidence. This means it is hard to force someone to give a sample. But if obtaining such merely requires taking a swab of a surface in a public place—perhaps a keyboard someone has just used—the 4th amendment is unlikely to apply.

That is not necessarily wrong, if it means more criminals are caught and convicted. But it needs to be thought about carefully, because many metabolites are sticky. Cocaine is a case in point. Studies have shown that as many as two-thirds of the dollar bills in circulation in America carry traces of this substance, which might thus end up on the fingertips of the innocent, as well as the guilty.

Excerpts from Metabolites and You, Economist, Feb. 15, 2019

Stasi Reborn: Democratizing Internet Censorship

The internet is the “spiritual home” of hundreds of millions of Chinese people. So China’s leader, Xi Jinping, described it in 2016. He said he expected citizens to help keep the place tidy. Many have taken up the challenge. In December 2019 netizens reported 12.2m pieces of “inappropriate” content to the authorities—four times as many as in the same month of 2015. The surge does not indicate that the internet in China is becoming more unruly. Rather, censorship is becoming more bottom-up

Officials have been mobilising people to join the fight in this “drawn-out war”, as a magazine editor called it in a speech in September to Shanghai’s first group of city-appointed volunteer censors. “Internet governance requires that every netizen take part,” an official told the gathering. It was arranged by the city’s cyber-administration during its first “propaganda month” promoting citizen censorship. The 140 people there swore to report any online “disorder”…

 Information-technology rules, which took effect on December 1st, 2019 oblige new subscribers to mobile-phone services not only to prove their identities, as has long been required, but also to have their faces scanned. That, presumably, will make it easier for police to catch the people who post the bad stuff online.

Excerpt from  The Year of the Rat-fink: Online Censorship, Economist, Jan 18, 2020

The Repressive Digital Technologies of the West

A growing, multi-billion-dollar industry exports “intrusion software” designed to snoop on smartphones, desktop computers and servers. There is compelling evidence that such software is being used by oppressive regimes to spy on and harass their critics. The same tools could also proliferate and be turned back against the West. Governments need to ensure that this new kind of arms export does not slip through the net.

A recent lawsuit brought by WhatsApp, for instance, alleges that more than 1,400 users of its messaging app were targeted using software made by NSO Group, an Israeli firm. Many of the alleged victims were lawyers, journalists and campaigners. (NSO denies the allegations and says its technology is not designed or licensed for use against human-rights activists and journalists.) Other firms’ hacking tools were used by the blood-soaked regime of Omar al-Bashir in Sudan. These technologies can be used across borders. Some victims of oppressive governments have been dissidents or lawyers living as exiles in rich countries.

Western governments should tighten the rules for moral, economic and strategic reasons. The moral case is obvious. It makes no sense for rich democracies to complain about China’s export of repressive digital technologies if Western tools can be used to the same ends. The economic case is clear, too: unlike conventional arms sales, a reduction in spyware exports would not lead to big manufacturing-job losses at home.

The strategic case revolves around the risk of proliferation. Software can be reverse-engineered, copied indefinitely and—potentially—used to attack anyone in the world…. There is a risk that oppressive regimes acquire capabilities that can then be used against not just their own citizens, but Western citizens, firms and allies, too. It would be in the West’s collective self-interest to limit the spread of such technology.

A starting-point would be to enforce existing export-licensing more tightly… Rich countries should make it harder for ex-spooks to pursue second careers as digital mercenaries in the service of autocrats. The arms trade used to be about rifles, explosives and jets. Now it is about software and information, too. Time for the regime governing the export of weapons to catch up

The spying business: Western firms should not sell spyware to tyrants, Economist, Dec. 14, 2019

Data Mining: CIA, Facebook, Instagram and Twitter

Among the 38 previously undisclosed companies receiving In-Q-Tel funding, the research focus that stands out is social media mining and surveillance; the portfolio document lists several tech companies pursuing work in this area, including Dataminr, Geofeedia, PATHAR, and TransVoyant….The investments appear to reflect the CIA’s increasing focus on monitoring social media. In September 2015, David Cohen, the CIA’s second-highest ranking official, spoke at length at Cornell University about a litany of challenges stemming from the new media landscape. The Islamic State’s “sophisticated use of Twitter and other social media platforms is a perfect example of the malign use of these technologies,” he said…

The latest round of In-Q-Tel investments comes as the CIA has revamped its outreach to Silicon Valley, establishing a new wing, the Directorate of Digital Innovation…

Dataminr directly licenses a stream of data from Twitter to visualize and quickly spot trends on behalf of law enforcement agencies and hedge funds, among other clients.  Geofeedia collects geotagged social media messages to monitor breaking news events in real time.Geofeedia specializes in collecting geotagged social media messages, from platforms such as Twitter and Instagram, to monitor breaking news events in real time. The company, which counts dozens of local law enforcement agencies as clients, markets its ability to track activist protests on behalf of both corporate interests and police departments.PATHAR mines social media to determine networks of association…

PATHAR’s product, Dunami, is used by the Federal Bureau of Investigation to “mine Twitter, Facebook, Instagram and other social media to determine networks of association, centers of influence and potential signs of radicalization,” according to an investigation by Reveal.

TransVoyant analyzes data points to deliver insights and predictions about global events.  TransVoyant, founded by former Lockheed Martin Vice President Dennis Groseclose, provides a similar service by analyzing multiple data points for so-called decision-makers. The firm touts its ability to monitor Twitter to spot “gang incidents” and threats to journalists. A team from TransVoyant has worked with the U.S. military in Afghanistan to integrate data from satellites, radar, reconnaissance aircraft, and drones….

The recent wave of investments in social media-related companies suggests the CIA has accelerated the drive to make collection of user-generated online data a priority. Alongside its investments in start-ups, In-Q-Tel has also developed a special technology laboratory in Silicon Valley, called Lab41, to provide tools for the intelligence community to connect the dots in large sets of data.  In February, Lab41 published an article exploring the ways in which a Twitter user’s location could be predicted with a degree of certainty through the location of the user’s friends. On Github, an open source website for developers, Lab41 currently has a project to ascertain the “feasibility of using architectures such as Convolutional and Recurrent Neural Networks to classify the positive, negative, or neutral sentiment of Twitter messages towards a specific topic.”

Collecting intelligence on foreign adversaries has potential benefits for counterterrorism, but such CIA-supported surveillance technology is also used for domestic law enforcement and by the private sector to spy on activist groups.

Palantir, one of In-Q-Tel’s earliest investments in the social media analytics realm, was exposed in 2011 by the hacker group LulzSec to be innegotiation for a proposal to track labor union activists and other critics of the U.S. Chamber of Commerce, the largest business lobbying group in Washington. The company, now celebrated as a “tech unicorn” …

Geofeedia, for instance, promotes its research into Greenpeace activists, student demonstrations, minimum wage advocates, and other political movements. Police departments in Oakland, Chicago, Detroit, and other major municipalities havecontracted with Geofeedia, as well as private firms such as the Mall of America and McDonald’s.

Lee Guthman, an executive at Geofeedia, told reporter John Knefel that his company could predict the potential for violence at Black Lives Matter protests just by using the location and sentiment of tweets. Guthman said the technology could gauge sentiment by attaching “positive and negative points” to certain phrases, while measuring “proximity of words to certain words.”

Privacy advocates, however, have expressed concern about these sorts of automated judgments.“When you have private companies deciding which algorithms get you a so-called threat score, or make you a person of interest, there’s obviously room for targeting people based on viewpoints or even unlawfully targeting people based on race or religion,” said Lee Rowland, a senior staff attorney with the American Civil Liberties Union.”

Excerpt from Lee Fang, THE CIA IS INVESTING IN FIRMS THAT MINE YOUR TWEETS AND INSTAGRAM PHOTOS, Intercept, Apr. 14, 2016