Webcams Activated by School on Student Macs

[NovaScotian]

Quote: Originally Posted by tlarkin Someone who writes for a Philly newspaper found this site and contacted me and wants to interview me about my job and the ins and outs of school IT. However, I think I am going to decline as I don't think I should be making any statements to the press period. I think with this whole thing blowing up and the media possibly blowing it up and out of proportion, I am not sure if I want my name tied to it anywhere. There are articles that say the kids over at that school system were trying to 'jail-break' their macbooks. I don't think Jail-break is the proper term. If they used built in OS tools to reset passwords, how is that jail-breaking? That is using built in tools to reset a machine to defaults. If they boot into single user mode and use a few different methods to create a local account, or say even wipe out the Mac and load their own clean retail version of the OS on there, they are still using built in tools that Apple provides to accomplish this.

Great call TL. Having had some experience with reporters' take on technical stories, I'd say it's a sure thing that your name would have been connected to a story in which the reporter probably misunderstood a lot of what you said or put a spin on it you didn't like. At the end of the day, if this whole thing goes to a civil court, you'd have been called by one side or the other to testify (having been identified as an expert in the papers). Not a road either you or the school board you work for would like you to travel.

[aehurst]

Now it's cell phones making the news as a spy/stalking device. Apparently software can be installed on a cell phone that permits a stalker to take pictures, listen to conversations, read text messages, and determine locations, all without the owner's knowledge.... and the phone does not have to be in use for any of those to happen.


http://abcnews.go.com/GMA/cell-phone...ry?id=10020677

[ArcticStones]

.

Quote: Originally Posted by aehurst Now it's cell phones making the news as a spy/stalking device. Apparently software can be installed on a cell phone that permits a stalker to take pictures, listen to conversations, read text messages, and determine locations, all without the owner's knowledge.... and the phone does not have to be in use for any of those to happen.

I believe there was a federal case against an organized crime group a couple of years ago, that proved your mobile phone doesn’t even have to be on. It will nevertheless provide some of those functions!
.

[tlarkin]

I was reading up on a supreme court case where a student had given a teacher the middle finger off of campus, after school hours. The school suspended the student and the student said they could not since it should be protected under his 1st amendment of free speech. If I recall, the SCOTUS sided with the school on this one, saying that a student's conduct towards staff was expected to be good even off school grounds.

Then you have another case where a student was suspended and forced out of her honor's classes for a facebook post which also went to the supreme court. She had created a facebook group page calling one of her teachers the worst teacher ever, nothing that bad. The SCOTUS sided with her and left it open for civil suit against the administrator that forced her out of her honors courses, as they ruled it was protected under the 1A.

So, it will be very interesting to see how the courts decide this case, and I can see this going to the SCOTUS as well.

[aehurst]

Quote: Originally Posted by tlarkin So, it will be very interesting to see how the courts decide this case, and I can see this going to the SCOTUS as well.

We had a case here a couple years back where a motorist gave the bird to a state trooper and was cited for something another. State Supreme Court held the bird was an expression of free speech. Guy was lucky it was the State Police he gave the bird to cause they are a professional bunch. If some of local sheriffs had gotten that, I suspect the guy would have spent the night in jail, and then released the next day before the matter went to a judge.... or worse.

Sooner or later we as a society are going to have to come to grips with the whole arena of privacy and technology.

Read another article on the school's use of Macbook, camera, etc. This author took the position that what the school did was only the tip of the iceberg. The real threat was the same technology made it possible for a 3rd party hacker to get into the Macbook and do all kinds of destructive things that would affect a lot more than the one student.

[tlarkin]

Quote: Originally Posted by aehurst We had a case here a couple years back where a motorist gave the bird to a state trooper and was cited for something another. State Supreme Court held the bird was an expression of free speech. Guy was lucky it was the State Police he gave the bird to cause they are a professional bunch. If some of local sheriffs had gotten that, I suspect the guy would have spent the night in jail, and then released the next day before the matter went to a judge.... or worse. Sooner or later we as a society are going to have to come to grips with the whole arena of privacy and technology. Read another article on the school's use of Macbook, camera, etc. This author took the position that what the school did was only the tip of the iceberg. The real threat was the same technology made it possible for a 3rd party hacker to get into the Macbook and do all kinds of destructive things that would affect a lot more than the one student.

Reading through strydehax's blog, I did realize that if someone were to say, hijack the absolute servers, it could open up a mess of security issues. Imagine an outsider gaining access to thousands upon thousands of web cams?

Though, Absolute, did claim they are removing that feature from their product. That won't stop hackers from social engineering their way back into the system though. For example, I could bundle the command line application to control the web cam in say a pirated copy of iLife 09, or Final Cut Studio, and then have a trojan phone home to my server the client information and have it root the machine. Once a user inputs their admin account credentials to install software it opens up the whole system. So, hackers could mask their exploits with in what seems to be legit (although pirated) software one would download off a torrent tracker.

I don't pirate software really, unless there is a product I need to test out and the company doesn't offer any decent trial versions, but that is just because I hate not testing something out to it's fullest before I purchase, and yes I purchase or delete depending on my final thoughts. However, 99% of the time I don't do that.

It is like Kevin Mitnick says, if you have a human element involved with your technology there is always a security risk. What I have written is rather far fetched though, but still probably quite possible if done right with the proper know how.

[johnsawyercjs]

Quote: Originally Posted by ArcticStones I believe there was a federal case against an organized crime group a couple of years ago, that proved your mobile phone doesn’t even have to be on. It will nevertheless provide some of those functions!

Well, technically, the phone would have to be ON in order to do those things--while it's totally powered off, it can't do anything--but the fact that it's on may not be apparent to the phone's user. The screen would be dark, and when the user pressed the power button to wake it, whatever the cracker is having the phone do, would terminate and return the phone to normal operating condition as far as the user could tell.

[ArcticStones]

.

Quote: Originally Posted by aehurst Sooner or later we as a society are going to have to come to grips with the whole arena of privacy and technology.

But we already have!
And by definition, virtually none of our communication is private anymore.

In fact, any company offering electronic communications -- be it email, mobile phone calls or landline calls -- is legally required to store all key information. In addition, of course, all our communications are fed through very effective filters.

Add to that all the electronic tracks you leave as you move about or purchase something. Heck, all you need do is take your face with you, and if you’re deemed interesting your movements will be duly noted.
.

[tlarkin]

Go to youtube.com and look up Eric Holder and Eric Schmidt on Internet privacy and hear what they have to say about it. Rather disturbing to be honest.

[ArcticStones]

.

Quote: Originally Posted by tlarkin Go to youtube.com and look up Eric Holder and Eric Schmidt on Internet privacy and hear what they have to say about it. Rather disturbing to be honest.

I have heard that, at the outset and in principle, Google stores search behaviour in perpetuum. Is that true? Now, for most of us I’m sure that would be rather boring reading -- but I’m sure this information has value and potential, not all of it equally benign.
.

[tlarkin]

Quote: Originally Posted by ArcticStones . I have heard that, at the outset and in principle, Google stores search behaviour in perpetuum. Is that true? Now, for most of us I’m sure that would be rather boring reading -- but I’m sure this information has value and potential, not all of it equally benign. .

Schmidt always falls back to the Patriot Act though, saying he is being forced by the government to do so. I think they are using it to their advantage.

[ArcticStones]

.

Quote: Originally Posted by johnsawyercjs Well, technically, the phone would have to be ON in order to do those things--while it's totally powered off, it can't do anything--but the fact that it's on may not be apparent to the phone's user.

Check out this 2006 article on FBI surveillance techniques. Here are some excerpts:

Quote: The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone. Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

and:

Quote: The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." ... Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said.

Bear in mind that this was well over three years ago. Significant progress has been made since then. In short, the technology available is impressive!
.

[aehurst]

I'll state the obvious.... there is a pretty fine line between an iPhone and a laptop and that line is only going to get thinner in the years ahead.

Technology has become the enemy of privacy, more than ever before.

[NovaScotian]

A firm belief of mine that informs my behavior with any form of electronic communication -- Internet, land line, cell phone, WiFi -- is that I am in public. Anything I say or create an image of might be hearable/viewable by someone else at an ISP, phone company, etc. In essence, I'm saying that while I have every right to privacy, I really don't count on it.

[ArcticStones]

.
Here is a fresh, interesting article on a new Japanese tool that has great potential for the monitoring of employees. (Great for employers, that is.) A bit off topic, perhaps, and maybe we should start a new general thread?
.

[acme.mail.order]

That concept's not new here - we've had remote-monitor GPS in phones for a while. The big consumer market / acclimatization phase is in children's phones so parents know where they are (it's fairly common for primary-school children to have a phone and there are many models targeted at that age group). I've heard that some companies are unusually persistent in getting people to use the company-provided phones - those stories come from non-japanese staff who are either unusually persistent in declining politely, or just leave it in the desk drawer.

As practically every phone in the country has a camera I wonder how long it will be before the two are combined?

And what would Orwell think if he were alive today?

[fracai]

"Lawyer: Laptops took thousands of images"

Quote: Back at district offices, the Robbins motion says, employees with access to the images marveled at the tracking software. It was like a window into "a little LMSD soap opera," a staffer is quoted as saying in an e-mail to Carol Cafiero, the administrator running the program. "I know, I love it," she is quoted as having replied.

And "Key figure in 'Webcamgate' invokes Fifth"
I see this not so much as an admission of guilt, but as someone who has just realized how serious of an issue this has turned into.

[aehurst]

And the plot thickens. Here's an interview with the family. Hundreds of pics of the young man and his sister. Apparently several thousand pics taken of other students as well. Original statements from the school dist saying the cam was only activated 42 times and only when looking for a stolen computer was a false statement.

This is much worse than we originally thought.


http://news.yahoo.com/video/us-15749...-cams-19196035

http://news.cnet.com/8301-17852_3-20002697-71.html

[tlarkin]

So, 38,000 images huh? Or maybe it was over 50,000 and the 38k was just of those "stolen laptops."

http://www.dailyfinance.com/article/...tudent/912040/

This is a clear case of abuse of a product.

[tlarkin]

...and they toss the IT department under the bus

http://www.cio.com/article/592616/Re...am_Spying_Mess