May
24

Like that could happen

By

Privacy advocates worry that military drones could soon be used to spy on Americans. An activist friend trying to get reporters to publicize how the military plans for its squadrons of Predators, Reapers, etc. to share the National Airspace System (NAS) with private and commercial aircraft is greeted with the kind of skepticism one might have gotten a few years ago for suggesting the NSA was bulk-collecting Americans’ phone records. Like that could happen.

Others have worried about hackers hijacking unmanned or commercial aircraft and, say, flying them into buildings. Like that could happen.

According to Der Spiegel last week, IT expert Chris Roberts has shown what, in theory, could happen with commercial airliners:

According to the FBI document, which was first made public by the Canadian news website APTN, Roberts was able to hack into the onboard entertainment systems — manufactured by companies such as Panasonic and Thales — of passenger planes such as the Boeing 737, the Boeing 757 and the Airbus A320. He did so a total of 15 to 20 times between 2011 and 2014. To do so, he hooked his laptop up to the Seat Electronic Box (SEB) — which are usually located under each passenger seat — using an Ethernet cable, which is unsettling enough.

But Roberts may also potentially have used the SEB to hack into sensitive systems that control the engines. In one case, he may even have been able to manipulate the engines during flight. He says that he was able to successfully enter the command “CLB,” which stands for “climb,” and the plane’s engines reacted accordingly, he told the FBI, according to the document.

Der Spiegel reports that two years ago a young Spaniard, Hugo Teso, briefed officials from the European Aviation Safety Agency (EASA) on how hackers might exploit backdoors to gain control of aircraft systems remotely. You might not even need a computer, he explained, because he developed a smartphone app for that. EASA was not amused.

Esti Peshin, Israel Aerospace Industries cyber-programs director, told a recent security conference in Washington there is already a PDF “blueprint for hackers” available online, according to the blog Security Affairs:

It is important to point out the fact that there might be some relation between the hacking of drones made easily accessible on Google and the downing of a CIA drone caused by Iran. GPS hijacking has become a growing phenomenon that will most likely grow even further in the near future, as drones take over more responsibilities and are used in multiple situations. The estimated cost for getting what it takes to hack the drones varies from $2,000 to $3,000 and this is certainly an investment that hackers can spare.

Todd Humphrey, assistant professor at the University of Texas at Austin’s Radio navigation Laboratory, believes that as well:

Humphrey demonstrated to Homeland Security agents that spending around $1,000 on equipment and designing an application able to send signals to the drone’s GPS receiver he is able to gain complete control of the vehicle.

Humphrey calls it “an Achilles heel for homeland security.” Which is no doubt why the Air Force and civilian developers are in such a hurry to introduce 30,000 drones into the national airspace in the next five to ten years. Just when you thought it was safe to stop ducking and covering.

Privacy concerns

John Horgan of National Geographic magazine wrote in 2013 about the privacy concerns with the technology:

During the last few years of the U.S. occupation of Iraq, unmanned aircraft monitored Baghdad 24/7, turning the entire city into the equivalent of a convenience store crammed with security cameras. After a roadside bombing U.S. officials could run videos in reverse to track bombers back to their hideouts. This practice is called persistent surveillance. The American Civil Liberties Union (ACLU) worries that as drones become cheaper and more reliable, law enforcement agencies may be tempted to carry out persistent surveillance of U.S. citizens. The Fourth Amendment to the Constitution protects Americans from “unreasonable searches and seizures,” but it’s not clear how courts will apply that to drones.

What Jay Stanley of the ACLU calls his “nightmare scenario” begins with drones supporting “mostly unobjectionable” police raids and chases. Soon, however, networks of linked drones and computers “gain the ability to automatically track multiple vehicles and bodies as they move around a city,” much as the cell phone network hands calls from one tower to the next. The nightmare climaxes with authorities combining drone video and cell phone tracking to build up databases of people’s routine comings and goings—databases they can then mine for suspicious behavior. Stanley’s nightmare doesn’t even include the possibility that police drones might be armed.

Like that could happen:

But don’t worry. Drones don’t kill people. People do, right?

Liberal and conservative groups are uniting around the threat to both physical security and Fourth Amendment concerns posed by the technology and provisions in the Patriot Act the NSA has used to justify domestic surveillance. The Electronic Frontier Foundation has joined 29 other groups in supporting the End Warrantless Surveillance of Americans Act (H.R. 2233) introduced by Congressman Ted Poe (R-TX) along with Congresswoman Zoe Lofgren (D-CA) and Congressman Thomas Massie (R-KY). Speaking of backdoors, EFF writes:

H.R. 2233 has goals similar to last year’s Massie-Lofgren amendment to the Department of Defense Appropriations Act for FY 2015, which passed overwhelmingly with strong bipartisan support: 293 ayes, 123 nays, and 1 present.  That legislation would have closed the so-called National Security Agency “backdoors”—security flaws engineered into products and services to enable or facilitate government access to, and warrantless searches of, the contents of Americans’ communications—by prohibiting NSA and the Central Intelligence Agency from using appropriated funds to mandate or request that companies build backdoors into products or services.

H.R. 2233 goes further, because the prohibition on mandating or requesting backdoors would apply to any federal agency. This change is especially important for U.S. companies, who have suffered reputational harm overseas, and even lost business, in the wake of revelations about the extent of NSA spying. H.R. 2233, like the Massie-Lofgren amendment, does have an exception for backdoors mandated by the Communications Assistance for Law Enforcement Act, a law that we’ve long had concerns about.

H.R. 2233 would also address the “backdoor search loophole” by prohibiting any officer or employee of the United States from searching through communications collected under Section 702 for communications of a particular U.S. person without a court order. This provision has exceptions for certain limited circumstances.

What’s new is that H.R. 2233—unlike last year’s Massie-Lofgren amendment—aims to prohibit backdoor searches for particular U.S. persons of communications collected under authorities other than Section 702—including, according to Rep. Lofgren, Executive Order 12333. While many people have never even heard of this presidential order, as the Washington Post pointed out in October, “Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333 , which defines the basic powers and responsibilities of the intelligence agencies.”

The 30 groups “urge the Congress to move speedily to enact this legislation.” Like that could happen.

I have written repeatedly about the Midas cult, the obsession our culture has with turning everything it can imagine into gold, whether we should or not. Because it is somehow un-American not to. There is also a perversion of the American can-do ethos that says “if you can imagine it, you can do it.” And should, because it is somehow un-American not to. (Watch the video above.) But that aphorism popular with entrepreneurs also works for terrorists and rogue governments.

(Cross-posted from Hullabaloo.)

Comments are closed.