Chinese border guards put secret surveillance app on tourists’ phones

[Hamartia Antidote]

https://amp.theguardian.com/world/2019/jul/02/chinese-border-guards-surveillance-app-tourists-phones

Chinese border police are secretly installing surveillance apps on the phones of visitors and downloading personal information as part of the government’s intensive scrutiny of the remote Xinjiang region, the Guardian can reveal.

The Chinese government has curbed freedoms in the province for the local Muslim population, installing facial recognition cameras on streets and in mosques and reportedly forcing residents to download software that searches their phones.

An investigation by the Guardian and international partners has found that travellers are being targeted when they attempt to enter the region from neighbouring Kyrgyzstan.


Border guards are taking their phones and secretly installing an app that extracts emails, texts and contacts, as well as information about the handset itself.

Tourists say they have not been warned by authorities in advance or told about what the software is looking for, or that their information is being taken.

The investigation, with partners including Süddeutsche Zeitung and the New York Times, has found that people using the remote Irkeshtam border crossing into the country are routinely having their phones screened by guards.


Edin Omanović, of the campaign group Privacy International, described the findings as “highly alarming in a country where downloading the wrong app or news article could land you in a detention camp”.



Analysis by the Guardian, academics and cybersecurity experts suggests the app, designed by a Chinese company,searches Android phones against a huge list of content that the authorities view as problematic.

This includes a variety of terms associated with Islamist extremism, including Inspire, the English-language magazine produced by al-Qaida in the Arabian Peninsula, and various weapons operation manuals.

However, the surveillance app also searches for information on a range of other material – from fasting during Ramadan to literature by the Dalai Lama, and music by a Japanese metal band called Unholy Grave.

Another file on the list is a self-help manual by the American writer Robert Greene called The 33 Strategies of War.


About 100 million people visit the Xinjiang region every year, according to Chinese authorities. These include domestic and foreign tourists, and most enter from elsewhere in the country.

The Irkeshtam crossing is China’s most westerly border and is used by traders and tourists, some following the historic Silk Road


There are several stages to crossing, and at one travellers are made to unlock and hand over their phones and other devices such as cameras. The devices are then taken away to a separate room and returned some time later.

The iPhones are plugged into a reader that scans them, while Android phones have the app installed to do the same job.

It seems that in most cases the app is uninstalled before the phone is returned, but some travellers have found it still on their phone.

It is unclear where all extracted information goes and for how long it is stored.

While there is no evidence that the data is used to track people later in their journeys, the information it collects would allow the authorities to locate someone if used together with details of the phone’s location.

The app as it appears on Android phones.Photograph: Süddeutsche Zeitung


It appears with the default Android icon and the words 蜂采 (Fēng cǎi); the term has no direct English translation, but relates to bees collecting honey.

The Guardian spoke to a traveller who had crossed the border to Xinjiang this year with an Android phone and was disturbed to see the app installed on his phone.

He said he had been asked to hand over his phone at the checkpoint, and it had been taken into a separate room. He and all the other travellers at that checkpoint had also been asked to hand their pin numbers to the officials, and had waited about an hour to have their phones returned.

The app icon, right


At no point were they told what was being done to the phones.

He had been told by an international travel agent and by tourist information in Kyrgyzstan that something would happen with his phone at the border.


“We thought it was a GPS tracker,” he said. “[The travel company] was pretty sure we were going to have this thing put in.”

He checked his phone when it was handed back and found the app immediately.

“There was another checkpoint about two hours away and I was thinking that maybe they had downloaded things and they would have all of their analysts going through it all while we were travelling, and then maybe they [would] send people back when they got to the next place.”


The traveller said he had not been asked to hand over the phone at any other point during his visit, nor when he departed from China. He said he had not been concerned about carrying the phone with him, as there was so much overt surveillance in the region. He added: “I don’t like it. If they were doing it in my home country I would be aghast, but when you are travelling to China you know it might be like this.”

All of the installations confirmed by the Guardian and its partners were on Android phones, but travellers report that iPhones were also taken by officers.

Omanovic said: “This is yet another example of why the surveillance regime in Xinjiang is one of the most unlawful, pervasive and draconian in the world.

“Modern extraction systems take advantage of this to build a detailed but flawed picture into people’s lives. Modern apps, platforms and devices generate huge amounts of data which people likely aren’t even aware of or believe they have deleted, but which can still be found on the device.”



Maya Wang, China senior researcher at Human Rights Watch, said: “We already know that Xinjiang residents, particularly Turkic Muslims–, are subjected to round-the-clock and multidimensional surveillance in the region.

“What you have found goes beyond that. It suggests that even foreigners are subjected to such mass and unlawful surveillance.”

The use of the app came to light after travellers took their phone to reporters in Germany.

Analysis of that software by the Guardian, Süddeutsche Zeitung, Ruhr-University Bochum and the German cybersecurity firm Cure53 suggested it was designed to upload information such as emails on to a server at the border office.

The Chinese authorities were contacted for comment but there was no reply by the time of publication.

Previously the Chinese government has defended its hi-tech surveillance of citizens in Xinjiang, saying it has improved security in the region.

 

[Akasa]

Time to place a JASSM-ER missile into the office that designed this app as well as those that surveil and monitor it. Appalling that this would happen in this day and age.

 

[Hamartia Antidote]

Time to place a JASSM-ER missile into the office that designed this app as well as those that surveil and monitor it. Appalling that this would happen in this day and age.

Oh don't worry...when Huawei releases their own version of Android that pesky icon will be invisible so you won't notice it. Out of sight out of mind.

 

[Ahmet Pasha]

I fkin hate those two faced gook muslim killers.

 

[zectech]

suggested it was designed to upload information such as emails on to a server at the border office.


How dare they act like the criminals in Washington:

XKeyscore: NSA tool collects 'nearly everything a user does on the internet'

XKeyscore gives 'widest-reaching' collection of online data
• NSA analysts require no prior authorization for searches
• Sweeps up emails, social media activity and browsing history
• NSA's XKeyscore program – read one of the presentations

A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden.

The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet.

The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.

The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10.

"I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".

US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."

But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.

XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.

Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.

Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets. But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.

One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.

https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data

NSA stores metadata of millions of web users for up to a year, secret files show

• Vast amounts of data kept in repository codenamed Marina
• Data retained regardless of whether person is NSA target
• Material used to build 'pattern-of-life' profiles of individuals
• What is metadata? Find out with our interactive guide
The National Security Agency is storing the online metadata of millions of internet users for up to a year, regardless of whether or not they are persons of interest to the agency, top secret documents reveal.

Metadata provides a record of almost anything a user does online, from browsing history – such as map searches and websites visited – to account details, email activity, and even some account passwords. This can be used to build a detailed picture of an individual's life.

The Obama administration has repeatedly stated that the NSA keeps only the content of messages and communications of people it is intentionally targeting – but internal documents reveal the agency retains vast amounts of metadata.

An introductory guide to digital network intelligence for NSA field agents, included in documents disclosed by former contractor Edward Snowden, describes the agency's metadata repository, codenamed Marina. Any computer metadata picked up by NSA collection systems is routed to the Marina database, the guide explains. Phone metadata is sent to a separate system.

"The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target," the analysts' guide explains. "This tool offers the ability to export the data in a variety of formats, as well as create various charts to assist in pattern-of-life development."

The guide goes on to explain Marina's unique capability: "Of the more distinguishing features, Marina has the ability to look back on the last 365 days' worth of DNI metadata seen by the Sigint collection system, regardless whether or not it was tasked for collection." [Emphasis in original.]

On Saturday, the New York Times reported that the NSA was using its metadata troves to build profiles of US citizens' social connections, associations and in some cases location, augmenting the material the agency collects with additional information bought in from the commercial sector, which is is not subject to the same legal restrictions as other data.

The ability to look back on a full year's history for any individual whose data was collected – either deliberately or incidentally – offers the NSA the potential to find information on people who have later become targets. But it relies on storing the personal data of large numbers of internet users who are not, and never will be, of interest to the US intelligence community.

Marina aggregates NSA metadata from an array of sources, some targeted, others on a large scale. Programs such as Prism – which operates through legally compelled "partnerships" with major internet companies – allow the NSA to obtain content and metadata on thousands of targets without individual warrants.

The NSA also collects enormous quantities of metadata from the fibre-optic cables that make up the backbone of the internet. The agency has placed taps on undersea cables, and is given access to internet data through partnerships with American telecoms companies.

About 90% of the world's online communications cross the US, giving the NSA what it calls in classified documents a "home-field advantage" when it comes to intercepting information.

By confirming that all metadata "seen" by NSA collection systems is stored, the Marina document suggests such collections are not merely used to filter target information, but also to store data at scale.

A sign of how much information could be contained within the repository comes from a document voluntarily disclosed by the NSA in August, in the wake of the first tranche of revelations from the Snowden documents.

The seven-page document, titled "The National Security Agency: Missions, Authorities, Oversight and Partnerships", says the agency "touches" 1.6% of daily internet traffic – an estimate which is not believed to include large-scale internet taps operated by GCHQ, the NSA's UK counterpart.

The document cites figures from a major tech provider that the internet carries 1,826 petabytes of information per day. One petabyte, according to tech website Gizmodo, is equivalent to over 13 years of HDTV video.

"In its foreign intelligence mission, NSA touches about 1.6% of that," the document states. "However, of the 1.6% of the data, only 0.025% is actually selected for review.

"The net effect is that NSA analysts look at 0.00004% of the world's traffic in conducting their mission – that's less than one part in a million."

However, critics were skeptical of the reassurances, because large quantities of internet data is represented by music and video sharing, or large file transfers – content which is easy to identify and dismiss without entering it into systems. Therefore, the NSA could be picking up a much larger percentage of internet traffic that contains communications and browsing activity.
Journalism professor and internet commentator Jeff Jarvis noted: "[By] very rough, beer-soaked-napkin numbers, the NSA's 1.6% of net traffic would be half of the communication on the net. That's one helluva lot of 'touching'."

Much of the NSA's data collection is carried out under section 702 of the Fisa Amendments Act. This provision allows for the collection of data without individual warrants of communications, where at least one end of the conversation, or data exchange, involves a non-American located outside the US at the time of collection.

The NSA is required to "minimize" the data of US persons, but is permitted to keep US communications where it is not technically possible to remove them, and also to keep and use any "inadvertently" obtained US communications if they contain intelligence material, evidence of a crime, or if they are encrypted.

The Guardian has also revealed the existence of a so-called "backdoor search loophole", a 2011 rule change that allows NSA analysts to search for the names of US citizens, under certain circumstances, in mass-data repositories collected under section 702.
According to the New York Times, NSA analysts were told that metadata could be used "without regard to the nationality or location of the communicants", and that Americans' social contacts could be traced by the agency, providing there was some foreign intelligence justification for doing so.

The Guardian approached the NSA with four specific questions about the use of metadata, including a request for the rationale behind storing 365 days' worth of untargeted data, and an estimate of the quantity of US citizens' metadata stored in its repositories.

But the NSA did not address any of these questions in its response, providing instead a statement focusing on its foreign intelligence activities.

"NSA is a foreign intelligence agency," the statement said. "NSA's foreign intelligence activities are conducted pursuant to procedures approved by the US attorney general and the secretary of defense, and, where applicable, the foreign intelligence surveillance (Fisa) court, to protect the privacy interests of Americans.

"These interests must be addressed in the collection, retention, and dissemination of any information. Moreover, all queries of lawfully collected data must be conducted for a foreign intelligence purpose."

It continued: "We know there is a false perception out there that NSA listens to the phone calls and reads the email of everyday Americans, aiming to unlawfully monitor or profile US citizens. It's just not the case.

"NSA's activities are directed against foreign intelligence targets in response to requirements from US leaders in order to protect the nation and its interests from threats such as terrorism and the proliferation of weapons of mass destruction."

https://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents

NSA has been doing what China did, but has been doing it for years, and collecting everything onto servers.

 

[Telescopic Sight]

suggested it was designed to upload information such as emails on to a server at the border office.


How dare they act like the criminals in Washington:

XKeyscore: NSA tool collects 'nearly everything a user does on the internet'

XKeyscore gives 'widest-reaching' collection of online data
• NSA analysts require no prior authorization for searches
• Sweeps up emails, social media activity and browsing history
• NSA's XKeyscore program – read one of the presentations

A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden.

The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet.

The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.

The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10.

"I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".

US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."

But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.

XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.

Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.

Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets. But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.

One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.

https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data

NSA stores metadata of millions of web users for up to a year, secret files show

• Vast amounts of data kept in repository codenamed Marina
• Data retained regardless of whether person is NSA target
• Material used to build 'pattern-of-life' profiles of individuals
• What is metadata? Find out with our interactive guide
The National Security Agency is storing the online metadata of millions of internet users for up to a year, regardless of whether or not they are persons of interest to the agency, top secret documents reveal.

Metadata provides a record of almost anything a user does online, from browsing history – such as map searches and websites visited – to account details, email activity, and even some account passwords. This can be used to build a detailed picture of an individual's life.

The Obama administration has repeatedly stated that the NSA keeps only the content of messages and communications of people it is intentionally targeting – but internal documents reveal the agency retains vast amounts of metadata.

An introductory guide to digital network intelligence for NSA field agents, included in documents disclosed by former contractor Edward Snowden, describes the agency's metadata repository, codenamed Marina. Any computer metadata picked up by NSA collection systems is routed to the Marina database, the guide explains. Phone metadata is sent to a separate system.

"The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target," the analysts' guide explains. "This tool offers the ability to export the data in a variety of formats, as well as create various charts to assist in pattern-of-life development."

The guide goes on to explain Marina's unique capability: "Of the more distinguishing features, Marina has the ability to look back on the last 365 days' worth of DNI metadata seen by the Sigint collection system, regardless whether or not it was tasked for collection." [Emphasis in original.]

On Saturday, the New York Times reported that the NSA was using its metadata troves to build profiles of US citizens' social connections, associations and in some cases location, augmenting the material the agency collects with additional information bought in from the commercial sector, which is is not subject to the same legal restrictions as other data.

The ability to look back on a full year's history for any individual whose data was collected – either deliberately or incidentally – offers the NSA the potential to find information on people who have later become targets. But it relies on storing the personal data of large numbers of internet users who are not, and never will be, of interest to the US intelligence community.

Marina aggregates NSA metadata from an array of sources, some targeted, others on a large scale. Programs such as Prism – which operates through legally compelled "partnerships" with major internet companies – allow the NSA to obtain content and metadata on thousands of targets without individual warrants.

The NSA also collects enormous quantities of metadata from the fibre-optic cables that make up the backbone of the internet. The agency has placed taps on undersea cables, and is given access to internet data through partnerships with American telecoms companies.

About 90% of the world's online communications cross the US, giving the NSA what it calls in classified documents a "home-field advantage" when it comes to intercepting information.

By confirming that all metadata "seen" by NSA collection systems is stored, the Marina document suggests such collections are not merely used to filter target information, but also to store data at scale.

A sign of how much information could be contained within the repository comes from a document voluntarily disclosed by the NSA in August, in the wake of the first tranche of revelations from the Snowden documents.

The seven-page document, titled "The National Security Agency: Missions, Authorities, Oversight and Partnerships", says the agency "touches" 1.6% of daily internet traffic – an estimate which is not believed to include large-scale internet taps operated by GCHQ, the NSA's UK counterpart.

The document cites figures from a major tech provider that the internet carries 1,826 petabytes of information per day. One petabyte, according to tech website Gizmodo, is equivalent to over 13 years of HDTV video.

"In its foreign intelligence mission, NSA touches about 1.6% of that," the document states. "However, of the 1.6% of the data, only 0.025% is actually selected for review.

"The net effect is that NSA analysts look at 0.00004% of the world's traffic in conducting their mission – that's less than one part in a million."

However, critics were skeptical of the reassurances, because large quantities of internet data is represented by music and video sharing, or large file transfers – content which is easy to identify and dismiss without entering it into systems. Therefore, the NSA could be picking up a much larger percentage of internet traffic that contains communications and browsing activity.
Journalism professor and internet commentator Jeff Jarvis noted: "[By] very rough, beer-soaked-napkin numbers, the NSA's 1.6% of net traffic would be half of the communication on the net. That's one helluva lot of 'touching'."

Much of the NSA's data collection is carried out under section 702 of the Fisa Amendments Act. This provision allows for the collection of data without individual warrants of communications, where at least one end of the conversation, or data exchange, involves a non-American located outside the US at the time of collection.

The NSA is required to "minimize" the data of US persons, but is permitted to keep US communications where it is not technically possible to remove them, and also to keep and use any "inadvertently" obtained US communications if they contain intelligence material, evidence of a crime, or if they are encrypted.

The Guardian has also revealed the existence of a so-called "backdoor search loophole", a 2011 rule change that allows NSA analysts to search for the names of US citizens, under certain circumstances, in mass-data repositories collected under section 702.
According to the New York Times, NSA analysts were told that metadata could be used "without regard to the nationality or location of the communicants", and that Americans' social contacts could be traced by the agency, providing there was some foreign intelligence justification for doing so.

The Guardian approached the NSA with four specific questions about the use of metadata, including a request for the rationale behind storing 365 days' worth of untargeted data, and an estimate of the quantity of US citizens' metadata stored in its repositories.

But the NSA did not address any of these questions in its response, providing instead a statement focusing on its foreign intelligence activities.

"NSA is a foreign intelligence agency," the statement said. "NSA's foreign intelligence activities are conducted pursuant to procedures approved by the US attorney general and the secretary of defense, and, where applicable, the foreign intelligence surveillance (Fisa) court, to protect the privacy interests of Americans.

"These interests must be addressed in the collection, retention, and dissemination of any information. Moreover, all queries of lawfully collected data must be conducted for a foreign intelligence purpose."

It continued: "We know there is a false perception out there that NSA listens to the phone calls and reads the email of everyday Americans, aiming to unlawfully monitor or profile US citizens. It's just not the case.

"NSA's activities are directed against foreign intelligence targets in response to requirements from US leaders in order to protect the nation and its interests from threats such as terrorism and the proliferation of weapons of mass destruction."

https://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents

NSA has been doing what China did, but has been doing it for years, and collecting everything onto servers.

Ok, pack it up guys, the Chinese fellow ( oops , " Italian ") says this is ok to do, since USA did it too.

Now time for CHina to bring in Slavery, after all US did that too, right?

 

[zectech]

What about no extradition from the territory of Puerto Rico to the Washington regime.

What about no spying on foreigners by the NSA.

NSA stops controversial program that searches Americans' emails
The government's surveillance court previously warned the National Security Agency (NSA) that searching Americans' emails and text messages that were collected domestically would not be constitutional.

https://www.zdnet.com/article/nsa-to-end-controversial-program-that-searches-americans-emails/

The domestic spying on Americans was deemed unlawful, but the criminals in Washington still spy on Pakistanis and other foreigners to read their emails and spy in other ways.