Amazon Rekognition: Helping Make Work Safer

October 22, 2020

DarkCyber noted Amazon’s blog post “Automatically Detecting Personal Protective Equipment on Persons in Images Using Amazon Rekognition.” Amazon discloses:

With Amazon Rekognition PPE detection, you can analyze images from your on-premises cameras at scale to automatically detect if people are wearing the required protective equipment, such as face covers (surgical masks, N95 masks, cloth masks), head covers (hard hats or helmets), and hand covers (surgical gloves, safety gloves, cloth gloves). Using these results, you can trigger timely alarms or notifications to remind people to wear PPE before or during their presence in a hazardous area to help improve or maintain everyone’s safety.

The examples in the Amazon write up make sense. However, applications in law enforcement and security are also possible. For instance, consider saying, “Hands up” to a person of interest:

10 21 hands up

The system can detect objects held by an individual. You can get more information in the blog post. Policeware and intelware vendors working with Amazon at this time may generate other use cases.

Stephen E Arnold, October 22, 2020

Policeware: Three Products Identified But and That Is a Big But

October 15, 2020

DarkCyber’s eager beaver researcher who works from home spotted “3 Best Law Enforcement Software with Buyers Guide.” The market for policeware is a small one compared to the number of customers for pizzas. However, the money invested by a handful of customers makes some marketers believe that making sales to the government and intelligence sectors is easy. It is not; for example, when big project emerge from the labyrinths of statements of work and the applicable procurement machinations, not many companies know about the opportunities or have the right stuff to land the project. Consider the $950 million ID/IQ contract for SRC Inc. Household name, right?

The three outfits identified as the “best” contains one solid recommendation: ESRI. This is a company which provides a must-have product and service called ArcGIS. The company is in the spatial mapping business and some interesting adjacent fields.

However, Nuance is a fence sitter. DarkCyber thinks of this outfit as a vendor generating some revenue from doctors, lawyers, and police who want to dictate notes and have them converted to text. The company provides its speech-to-text and other products to a wide range of customers. There are some alternatives, including Amazon’s solution.

The inclusion of the Tresit Group’s emergency communication solution is interesting. The Disaster Information Reporting system provides real-time, secure, and logged communications for first responders and police. Secure communications remain an application space of interest. The company provides a communications solution.

The “but” is that the selection of solutions is useful, but there are other companies which provide more widely used solutions. Some of these policeware systems and products are sector leaders.

DarkCyber wants to point out that identifying three products as “best” is difficult. For a researcher or analyst looking for a wider pool of policeware vendors, DarkCyber suggests the Mei@4Sec Catalogue of Existing Technologies and Solutions Deliverable 2.2 European Organization for Security (EOS). You can download this helpful 44-page report at this link without charge. (Verified on October 11, 2020, but the document can be removed at any time.)

Stephen E Arnold, October 15, 2020

Amazon Expands Data Monitoring

October 13, 2020

Here is an optimistic view of the future, at least for areas where residents can afford to purchase these gadgets. CNET reports, “Amazon Sidewalk Will Create Entire Smart Neighborhoods. Here’s What You Should Know.” Yes, Amazon’s vision of the smart home has grown to encompass the whole subdivision. Based on how many Echo devices are backward compatible with the new tech, the plan has been in the works for some time. But what, exactly, is this project about? Reporter Ry Crist writes:

“First announced in 2019, the effort is called Amazon Sidewalk, and it uses a small fraction of your home’s Wi-Fi bandwidth to pass wireless low-energy Bluetooth and 900MHz radio signals between compatible devices across far greater distances than Wi-Fi is capable of on its own — in some cases, as far as half a mile, Amazon says. You’ll share that bandwidth with your neighbors, creating a sort of network of networks that any Sidewalk-compatible device can take advantage of. Along with making sure things like outdoor smart lights and smart garage door openers stay connected when your Wi-Fi can’t quite reach them, that’ll help things like Tile trackers stay in touch if you drop your wallet while you’re out on a walk, or if your dog hops the fence. Maybe most noteworthy of all is that Amazon Sidewalk won’t require any new hardware, at least not for short-range benefits like easier device pairing. Instead, it’ll arrive as a free software update to the Echo speakers and Ring cameras people already have in their homes.”

To take advantage of those half-mile range 900MHz connections, though, one must have newer devices: a Ring Spotlight or Floodlight cam, the fourth generation Echo smart speaker, or Echo Show 10 smart display. (More will follow, of course.) These users will also contribute bandwidth to the cause, but Amazon was wise enough to provide an opt-out option. Not everyone’s community spirit will extend to their Wi-Fi connection, no matter how little bandwidth Sidewalk will use (which is very little, compared to streaming and other functions). Since the change will come in the form of a software update, anyone who wants to decline may have to be on the lookout for that update and find the appropriate checkbox.

Some users will have security concerns, and the company has worked to address them. The Sidewalk server only gets to see packets’ destination information, we’re told, but not any of the actual device data, which will travel under three layers of encryption. They promise to delete routing information every 24 hours. Here is the PDF of the company’s white paper addressing privacy and security for Sidewalk. Customers will have to trust Amazon to safeguard their data for Sidewalk to take off, it tells us. Considering how many have already incorporated the company’s digital potential spies into their homes, we think the project has a good chance at success.

Cynthia Murrell, October 13, 2020

Amazon Policeware: Is the Online Bookseller a Corporate Nation State with Policeware?

October 12, 2020

Who knows if the statements in “Leaked: Confidential Amazon Memo Reveals New Software to Track Unions.” Would a company create policeware to spy on employees? Possibly, but DarkCyber thinks that Amazon’s policeware is simply being repurposed. The Bezos bulldozer is a digital nation state, and some governance methods embrace data gathering, analytics, and predictive outputs. The idea is to be in front of trends, actions, and groups. Nothing new about this.

The write up, however, revels in the “confidential” document and places it in a zippy socio-political context. DarkCyber noted this passage:

The new tool would also track other non-union threats to the company, like crime and weather.

The operative word is “new.” In our analysis of Amazon’s policeware and intelware innovations, the “new” mischaracterizes products, services, partnerships, and features under development for more than a decade. My Amazon policeware lectures for the 2020 National Cyber Crime Conference plus some other presentations for LE and intel professionals have walked through some of the capabilities of the AWS policeware platform. (Want to know more? Write benkent2020 at yahoo dot com. Options and prices will be provided to qualified inquirers.)

The write up reports:

The new technology system — called the geoSPatial Operating Console, or SPOC — would help the company analyze and visualize at least around 40 different data sets, the memo says. Among them are many related to unions, including “Whole Foods Market Activism/Unionization Efforts,” “union grant money flow patterns,” “and “Presence of Local Union Chapters and Alt Labor Groups.” Additionally, one of the potential use cases for the tool is described in the memo as “The Union Relationship Map,” though no other details are provided.

Snappy name but the plumbing is in operation. Here’s a test question for the intrepid “real” journalists bandying the word “new” hither and yon. “What cloud service provides the back end, content processing, and other analytic features for GeoSpark Analytics?” You have one minute to write your answer in your blue book.

And where, pray tell, is the source document?

Interesting but the Amazon policeware and intelware platform is overlooked. Why? One does not know what one does not know I presume.

Stephen E Arnold, October 12, 2020

Google and Its User Privacy: Happy Hunting

October 4, 2020

DarkCyber spotted an open source intelligence tool called GHunt. By the time an open source software becomes publicly available, DarkCyber believes that hardened systems and methods are integrated into specialized policeware and intelware systems. If you want to try to learn more about a particular Google email user, for instance, you may want to take a look at GHunt. There are screenshots and basic information available on Github. Google appears to be taking steps to address some of the “features” which the GHunt software taps. Some interesting open source software becomes available and then disappears; for example, DARPA Memex tools have evidenced this type of behavior. If you want this tool, DarkCyber suggests you move along in a sprightly manner.

Stephen E Arnold, October 4, 2020

Palantir Technologies: Minor Questions Remain

October 1, 2020

DarkCyber noted “Techie Software Soldier Spy: Palantir, Big Data’s Scariest, Most Secretive Unicorn, Is Going Public. But Is Its Crystal Ball Just Smoke and Mirrors?” The write up joins the caravan of publications digging into the ins and outs of the intelware business.

There are precedents for a vendor of specialized services becoming a public company. One example is Verint, and there are others. Sometimes the lineage of an intelware company can be difficult to figure out. There are start ups in Cypress; there are partnerships in Herzliya; and there are Byzantine limited liability operations in midtown Manhattan.

What’s striking about Palantir is that the coverage has been content with the jazzy bits. DarkCyber understands the need to create buzz and capture eyeballs. The write up uses an interesting quotation from Admiral Poindexter, an interesting person who may be qualified to explain intelware:

“When I talked to Peter Thiel early on, I was impressed with the design and the ideas they had for the user interface,” Poindexter told me recently. “But I could see they didn’t have — well, as you call it, the back end, to automatically sort through the data and eliminate that tedious task for the users. And my feedback from the people who used it at the time, they were not happy with it at all. It was just much too manual.”

DarkCyber wondered:

  1. Why the write up did not explore the i2 Analyst’s Notebook vs.. Palantir legal matter. That activity suggested that Palantir may have had some interest in a proprietary file format and allegedly worked in interesting ways to obtain closely guarded information. A related question is, “Why would bright start up engineers resort to allegedly questionable methods to figure out a file format?” Too bad the write up ignores a legal matter which illuminates Palantir’s methods.
  2. Why is Palantir running into the revenue ceiling which other vendors of search and content processing systems for government entities hit? Are there too few customers? Did Autonomy, another search and content processing company, bumped into the revenue ceiling too? Is there a elephant standing in a pool of red ink in the accounting departments of some search and content processing companies?
  3. Why are intelware vendors offering their products and services under generous free trials programs to the known customers with allocated funds for such systems? And in parallel, the vendors are working overtime to find someone with deep pockets to buy these start ups?
  4. How similar are the products and services of intelware vendors? Why is innovation confined to graphics and innovation confined to recycling ideas in circulation for decades? One of the DarkCyber team observed, “Isn’t Palantir Gotham Titan the old Analyst’s Notebook with a pop up wheel on the right mouse button?” (I hire skeptical and maybe slightly cynical engineers I think.)
  5. Could it be that in the “real world” of fast-moving events the intelware vendors’ products don’t work all that well? Is it time for deeper analysis of comparable products and services? How does Palantir stack up against Voyager Labs’ offerings or the the LookingGlass system.
  6. Why doesn’t smart software do a better job of importing data? What has Datawalk figured out that eludes the Palantirians?
  7. Why do some Palantir Gotham installations remain idle? Is it because even the simpler interface is too quirky to use when real-time events generate pressure? Is it difficult for some licensees to allocate staff to use the system in order to become masters of the dataverse?
  8. Why haven’t Wall Street pushes generated more revenue? What happened to the Thomson Reuters’ deal?
  9. How long did it take Palantir to stand up its first version of its system after the core team decided the move forward with Gotham? (If you know the answer, write benkent2020 @ yahoo dot com. We know the answer and the winner will receive a copy of CyberOSINT: Next Generation Information Access. Free too. Almost like a trial of the products and services from an intelware start up.)

There are other questions the DarkCyber team considers important as well. Perhaps a “real news” outfit will dig into the intelware market, track the technologies, the inter-company tie ups, and the use cases or in some cases the dis-use cases for these products and services?

DarkCyber, however, finds the idea of Palantir’s going public interesting. Was the point of the exercise financial escape for increasingly concerned investors and grousing employees? Too many questions and too few answers still I think.

Stephen E Arnold, October 1, 2020

The Future of Twitter Revealed

September 30, 2020

Twitter is an interesting outfit. Forbes (the capitalist tool, I believe) published “Bitcoin and Blockchain Are the Future of Twitter, CEO Jack Dorsey Reveals”. Twitter is an interesting outfit; for example, it has a new chief information security officer. That’s a good idea, maybe too late for some stakeholders, but it is a step forward.

Forbes reports:

Dorsey, who… said bitcoin is “probably the best” native currency of the internet, has previously gone as far as saying bitcoin has the potential to be the world’s sole currency by 2030…. Now, speaking at the virtual Oslo Freedom Forum 2020, Dorsey has said bitcoin and its underlying decentralized blockchain technology are the future of Twitter.

Forbes quotes Twitter’s top management Zen person as saying:

“The whole spirit of bitcoin, for instance, is to provide a trusted system in a distrusted environment, which is the internet,” Dorsey said…. Earlier this month, Dorsey told Reuters bitcoin is “probably the best” native currency of the internet due to bitcoin being “consensus-driven” and “built by everyone.”

Yep, trust.

A couple of observations:

  • Twitter owns a payment system. Perhaps Mr. Dorsey’s confident assertion about the future is influenced by the method of communications and the beneficiary of the digital currency cheerleading?
  • Twitter licenses its data selectively to commercial enterprises developing products and services to assist law enforcement and intelligence agencies. With Bitcoin generally perceived as a lubricant for illegal transactions, what’s Twitter’s goal? (Check out the Geospark Analytics – Twitter deal for some color. Geofeedia has not been as fortunate as the virtual intelware vendor.)
  • How will enhanced Bitcoin capabilities assist bad actors in money laundering and other possibly questionable activities?

DarkCyber finds Twitter fascinating. A half-time CEO, a messaging system which can spark interesting social consequences, and a peculiar way of supporting law enforcement and other groups simultaneously.

Worth monitoring the dualism.

Stephen E Arnold, September 30, 2020

Always: An Alluring Notion

September 30, 2020

DarkCyber ran a short video about a product called the Dronut. It looks like a small flying donut. You can get a link to the company, its patent document, and a snippet of the promotional video for your product at this link at the 10 minute 36 second point in the show.

I was interested in “Why You Should Be Very Skeptical of Ring’s Indoor Security Drone,” an article in IEEE Spectrum. My team and I have done lectures, briefings, and even a book chapter about Amazon’s policeware and intelware activities. I know first hand that no one, not even law enforcement and intelligence officers, care.

In fact, at one digital security conference last year in San Antonio, an attendee — an Air Force intel professional — summed up the attitude of the 100 people in the lecture hall:

My wife loves Amazon. The company may have some interesting technology, but, come on, even my kids depend on Amazon videos. Amazon is not an intelware player.

Not bad for a colonel’s analytic and content processing skills, right?

I am not going to rehash our research about Amazon’s intelligence related services. I want to focus on IEEE Spectrum’s write up; for example, this statement in the article:

Ring, the smart home company owned by Amazon, announced the Always Home Cam, a “next-level indoor security” system in the form of a small autonomous drone. It costs US $250 and is designed to closely integrate with the rest of Ring’s home security hardware and software. Technologically, it’s impressive. But you almost certainly don’t want one.

Clueless? Not completely. The Amazon surveillance drone is not marketed like the Dronut. Plus, the Amazon home surveillance drone is not a standalone product. The Always Home Cam provides the equivalent of a content acquisition “paint by numbers” module to the Amazon intelware infrastructure.

Little patches of data particularized and indexed by time, location, and other metadata can be cross correlated with other information. Some information is unique to Amazon; for example, the “signal” generated by processing payment history, video viewing, and product purchase information for an account holder. The cross-correlation (Amazon’s lingo from one of its blockchain related inventions) makes it possible to perform the type of analytic work associated with intelligence analysis software and subject matter experts.

The article notes:

Ring hasn’t revealed a lot of details on the drone itself, but here’s what we can puzzle out. My guess is that there’s a planar lidar right at the top that the drone uses to localize, and that it probably has a downward-looking camera as well. Ring says that you pre-map the areas that you want the drone to fly in, which works because the environment mostly doesn’t change. It’s also nice that you don’t have to worry about weather, and minimal battery life isn’t a big deal since you don’t need to fly for very long and the recharging dock is always close by. I like that the user can only direct the drone to specific waypoints rather than piloting it directly, which (depending on how well the drone actually performs) should help minimize crashes.

The author is either ignoring UAS characteristics of surveillance devices or unaware of those conventions. The write up does reference to the challenge of avoiding mobile cameras. The parallel between Amazon’s in home UAS and a telepresence robot misses the point. The data, not the device, are the story. At least the author reaches a reasonable conclusion:

But is it worth $250, questionably better security versus cheap static cameras, and a much larger potential for misuse or abuse? I’m not convinced.

If you are interested in a one hour briefing about Amazon’s policeware and intelware initiative, write benkent2020 at yahoo dot com. Someone on the DarkCyber team will respond with options and fees.

On the other hand, why not be like the intel colonel, “What’s the big deal?”

Stephen E Arnold, September 28, 2020

Body Cameras: A Study Review

September 22, 2020

Anyone interested in the use of body cams by police should check out this review of 30 studies assembled by Campbell Collaboration—“The Impacts of Body-Worn Cameras in Policing.” Adoption of body cameras by police has risen steeply over the last decade as costs have decreased and concern about police misconduct have escalated. While the intention is to increase transparency and accountability, some have been concerned the practice would discourage the reporting of crimes or cause officers to hesitate to take appropriate proactive or preventative measures.

The review summarizes studies that used either randomized controlled trials or quasi-experimental research designs that measured police or citizen behaviors. The studies reported on a dozen different types of outcome measures and examine 116 effects of the cameras on those outcomes. Most were conducted in single jurisdictions in the US.

So, is the use of body cams doing more good than harm? The write-up summarizes the findings:

“BWCs are one of the most rapidly diffusing and costly technologies used by police agencies today. This review questions whether BWCs bring the expected benefits to the police and their communities. Existing research does not evaluate whether police accountability or police-citizen relationships are strengthened by BWCs. Much more knowledge is needed about when BWCs do create desired effects, and whether they are cost-effective. … For the many police agencies that have already purchased BWCs, researchers should continue testing for ways in which both police and citizens might gain benefits from the cameras’ continued use. These could include limiting the discretion that officers have with BWC use, using BWCs for coaching, training or evidentiary purposes, and finding ways that BWCs can be used to strengthen police-citizen relationships, internal investigations, or accountability systems.”

Count that as a definite maybe. To read the report in full, navigate to its Wiley Online Library page.

Cynthia Murrell, September 22, 2020

Predictive Policing: A Work in Progress or a Problem in Action?

September 2, 2020

Amid this year’s protests of police brutality, makers of crime-predicting software took the occasion to promote their products as a solution to racial bias in law enforcement. The Markup ponders, “Data-Informed Predictive Policing Was Heralded as Less Biased. Is It?” Writer Annie Gilbertson observes, as we did, that more than 1,400 mathematicians signed on to boycott predictive policing systems. She also describes problems discovered by researchers at New York University’s AI Now Institute:

“‘Police data is open to error by omission,’ [AI Now Director Rashida Richardson] said. Witnesses who distrust the police may be reluctant to report shots fired, and rape or domestic violence victims may never report their abusers. Because it is based on crime reports, the data fed into the software may be less an objective picture of crime than it is a mirror reflecting a given police department’s priorities. Law enforcement may crack down on minor property crime while hardly scratching the surface of white-collar criminal enterprises, for instance. Officers may intensify drug arrests around public housing while ignoring drug use on college campuses. Recently, Richardson and her colleagues Jason Schultz and Kate Crawford examined law enforcement agencies that use a variety of predictive programs. They looked at police departments, including in Chicago, New Orleans, and Maricopa County, Ariz., that have had problems with controversial policing practices, such as stop and frisk, or evidence of civil rights violations, including allegations of racial profiling. They found that since ‘these systems are built on data produced during documented periods of flawed, racially biased, and sometimes unlawful practices and policies,’ it raised ‘the risk of creating inaccurate, skewed, or systemically biased data.’”

The article also looks at a study from 2016 by the Royal Statistical Society. Researchers supplied PredPol’s algorithm with arrest data from Oakland California, a city where estimated drug use is spread fairly evenly throughout the city’s diverse areas. The software’s results would have had officers target Black neighborhoods at about twice the rate of white ones. The team emphasized the documented harm over-policing can cause. The write-up goes on to cover a few more studies on the subject, so navigate there for those details. Gilberston notes that concerns about these systems are so strong that police departments in at least two major cities, Chicago and Los Angeles, have decided against them. Will others follow suit?

Cynthia Murrell, September 2, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta