Forgot your password?
typodupeerror
Privacy Cellphones Government

NSA and GCHQ Target "Leaky" Phone Apps To Scoop User Data 144

Posted by samzenpus
from the always-watching dept.
schwit1 writes "New leaked NSA documents shed a new light on the agency's assault on the data controls of smartphone apps. Using app data permissions as a jumping off point, the documents show agency staffers building huge quantities of data, including 'intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.' One slide lists capabilities for 'hot mic' recording, high precision geotracking, and file retrieval which would reach any content stored locally on the phone, including text messages, emails and calendar entries. As the slide notes in a parenthetical aside, 'if it's on the phone, we can get it.'"
This discussion has been archived. No new comments can be posted.

NSA and GCHQ Target "Leaky" Phone Apps To Scoop User Data

Comments Filter:
  • So what. (Score:3, Insightful)

    by RightSaidFred99 (874576) on Monday January 27, 2014 @05:30PM (#46085303)

    People seem to be freaking out that all these capabilities exist when anyone with half a wit or more knew that this was all possible.

    The question is regarding the set of controls over how and when this is done.

    I mean, by golly, did you know that 5 years ago they could listen in on your phone conversations and even determine where you were located when you were making the phone call?!

    Carrying on about these capabilities (as opposed to the way they are used) is going to look as quaint to people in 20 years as the above concern about land-line phone calls looks now.

  • Re:Smurftastic! (Score:5, Insightful)

    by MightyMartian (840721) on Monday January 27, 2014 @05:34PM (#46085359) Journal

    And a police officer has the technical capacity to walk into my house and shoot me dead. That I can appreciate his likely skill with a service revolver doesn't mean he gets to shoot me dead at a whim.

    The same applies to the NSA. That it has some bright brains who have some impressive technical capabilities does not mean that they should be permitted to wantonly do it without proper civilian oversight, including the requirement that no US citizen's data be collected without an explicit and accurate warrant.

    In other words; capacity is only part of the equation.

  • by Anonymous Coward on Monday January 27, 2014 @05:47PM (#46085511)

    To be clear, it's the Obama Administration that is doing this. After all, he is responsible for the actions of this and other Federal Agencies.

  • Re:So what. (Score:5, Insightful)

    by bob_super (3391281) on Monday January 27, 2014 @05:50PM (#46085541)

    Yes, but it's only in the last couple decades that they've been able to regroup all the data from all the forms of communication attached to every single user.
    The scale of the task used to keep people focused on potential targets. Now it's about having everything on everyone, because nobody ever got fired for having too much data when shit happens.

  • Re:So what. (Score:5, Insightful)

    by fuzzyfuzzyfungus (1223518) on Monday January 27, 2014 @05:50PM (#46085545) Journal
    "The question is regarding the set of controls over how and when this is done."

    Yes, about those... The secret ones, that you'd need access to secret information to verify compliance with, based on a classified interpretation of a massive hodgepodge of assorted laws, executive orders, and precedents, as interpreted by a secret court that doesn't release opinions and hears only testimony from the state agents requesting authorization? Those ones... Forgive me if I'm... less than 100% reassured.

    Internal regulation and discipline can't even keep the officers of Hickville PD from periodic abuses that end up drawing big civil suits, and those guys are both nearly powerless and highly vulnerable to 3rd party scrutiny. Why would anyone expect 'controls' on an agency that can just stamp 'Double Top Secret' on anything embarassing and bury it forever to be more than a joke for the break room?
  • by SirGarlon (845873) on Monday January 27, 2014 @05:51PM (#46085561)

    Remember, I'm on your side

    Correction: I'm on the side you *claim to be on*.

  • by fuzzyfuzzyfungus (1223518) on Monday January 27, 2014 @05:53PM (#46085571) Journal

    What? GPS receivers don't transmit. How do you track a GPS receiver?

    You don't(well, somebody with an indistinguishable-from-magic antenna array and a truck full of DSPs might be able to pick up some effect of your antenna and RF circuitry against background; but it'd be dubiously practical at best); but a great many GPS receivers are connected to cellphones that are delightfully cooperative about providing those data for you. Now, even without GPS, cell tower triangulation would provide rough data; but GPS neatens it up nicely.

  • Re:Smurftastic! (Score:2, Insightful)

    by Zaelath (2588189) on Monday January 27, 2014 @06:12PM (#46085759)

    That's a worthless comment.

  • Re:Smurftastic! (Score:4, Insightful)

    by bob_super (3391281) on Monday January 27, 2014 @06:14PM (#46085785)

    While that's a bit of an exaggeration since NSA is only collecting (once the data comes up/who cares where the hammer falls down/it's not my department/says NSA von braun), it fits in a more worrisome pattern.

    There was never a doubt in the European's mind that waterboarding is torture, because that's what was used by the Reich on the resistance. When you add a KGB/Stasi-on-steroids NSA, that makes for a nasty vibe.

  • by raymorris (2726007) on Monday January 27, 2014 @06:50PM (#46086161)

    Indeed, that's the difference. When they had to show up with a warrant for a specific individual and have agents sit and listen, they did that for high value suspects. Now it's all of us, all the time, who are the targets.

  • by Jody Bruchon (3404363) on Monday January 27, 2014 @06:57PM (#46086241)
    This is why the FIRMWARE of phone radio CPUs needs to be fully open-sourced. Until they are, there is no way to audit them for privacy concerns nor modify them to close such loopholes.
  • Re:So... (Score:1, Insightful)

    by Anonymous Coward on Monday January 27, 2014 @07:01PM (#46086281)
    If you're rooted, encrypting does nothing but give a false sense of security.

"And do you think (fop that I am) that I could be the Scarlet Pumpernickel?" -- Looney Tunes, The Scarlet Pumpernickel (1950, Chuck Jones)

Working...