Agency Cloud Extraction Tools Repeatedly Searches Your Information

REPOST: 

What is on my radar?

A new report from Privacy International paints a picture of a largely opaque, unaccountable system of surveillance technology used by government agencies online. So-called “cloud extraction” tools are largely unknown to the public and subject to relatively low levels of oversight but are used regularly to analyze and extract private data from all of the major cloud services.

This new application of surveillance technology is concerning in its scope and in terms of issues of consent. A search of a device is no longer a one-time event when these tools are used; the party being searched may now also be having any or all of their cloud accounts accessed, and may be subject to ongoing monitoring and repeated searches.

What is cloud extraction?

Cloud extraction works by lifting authentication tokens off of a mobile device or computer that government agencies have physical access to, for example during a search of a suspect.

A new report from Privacy International paints a picture of a largely opaque, unaccountable system of surveillance technology used by government agencies online. So-called “cloud extraction” tools are largely unknown to the public and subject to relatively low levels of oversight but are used regularly to analyze and extract private data from all of the major cloud services.

This new application of surveillance technology is concerning in its scope and in terms of issues of consent. A search of a device is no longer a one-time event when these tools are used; the party being searched may now also be having any or all of their cloud accounts accessed, and may be subject to ongoing monitoring and repeated searches.

Cloud extraction works by lifting authentication tokens off of a mobile device or computer that government agencies have physical access to, for example during a search of a suspect.

Authentication tokens for various cloud services can remain active for weeks at a time, and in some cases are permanent. If the investigating agency can extract these tokens, they do not need to coerce the subject into giving up login information; if they already have login information, they can maintain ongoing access even if the subject later changes their password. This also allows them to circumvent most two-factor authentication (2FA) measures.

Cloud extraction tools such as GTEX, Cellebrite, UFED, and KeyScout will automatically comb computers and devices for login credentials saved to cookies, browsers, and other applications. These tools can not only snap up existing tokens but in some cases also create new tokens from what they find.

What kind of data is accessed?

Cloud extraction tools can open the doors to files stored with nearly all of the major cloud services: Google Drive, Dropbox, Facebook, Slack, various web-based email services and more. These tools can also mine data from voice assistants such as Google Home and Alexa, and fitness trackers such as FitBit. But this goes far beyond simple access to files. As the report points out, getting access to a Google account in this way also allows investigators to potentially track searches, location history, browser history, instant messaging records and more. Anything visible to the account holder when logged in is also available to the investigator – including encrypted messages. Some of these cloud extraction services have also added facial recognition and matching capabilities. At least one tool, from Oxygen Forensics, claims to offer emotion recognition as part of the services. This type of surveillance technology allows investigators to not just access a huge amount of existing information, but also to surreptitiously track targets on an ongoing basis. They can repeatedly access the cloud accounts to check on location data, new calls, new messages, and videos and pictures that the subject takes among other possibilities. Most subjects will not be aware that they are being tracked in this manner after the initial physical search occurs.

Troubling surveillance technology

In a U.K. poll commissioned by Privacy International, about half of users of mobile phones in the country are not aware of where their cloud data is stored, and nearly half believe that their mobile apps are not generating data that is stored in the cloud. About the same amount feel that they do not have a good understanding of how cloud-based systems work.

Most people are likely not aware that these agencies have this level of surveillance technology or that it is legal for them to use it in this way. If they consent to a search of their device, they may not be aware of the extent of the cloud data they are granting access to or that they are effectively giving permission to continual tracking of their private online activity.

Camilla Graham Wood, solicitor at Privacy International states:

“We are only just starting to gain a modicum of transparency around law enforcement use of mobile phone extraction, yet there are new concerning technologies on the horizon such as cloud extraction, about which very little is known.

“Cloud extraction technologies give law enforcement the ability to access eye-watering amounts of highly sensitive personal data, not only about individuals, but also their friends, colleagues, and acquaintances. Concerningly, such technology also allows authorities to deploy facial recognition tech across people’s media as well as the ability to conduct continuous monitoring of an individual’s social media without them ever knowing.

“Much of this data is uploaded to the cloud, often without our knowledge, by the big tech companies. This risks making our personal data more vulnerable, not more secure. There is an urgent need for the companies who we entrust with our data to ensure they protect it from the tech which can be operated by unskilled operatives at the push of a button.

It is a matter of urgency that law enforcement act with a greater degree of transparency in relation to the new forms of surveillance they are using and that laws which are designed to protect against abuses are updated.”

The cloud extraction firms offer this surveillance technology internationally and are located all over the world: for example, Oxygen Forensics is based in the United States, Cellebrite is based in Israel, and Elcomsoft is headquartered in Moscow.

Privacy International has requested that 17 of the largest tech companies that this surveillance technology claims to have access to, such as Google and Facebook, to take a public position on its use. The group is advocating for greater transparency and legal safeguards, urging UK citizens to contact their local law enforcement agencies and ask about their cloud extraction technology and policies.

___________________________________________________________


 

 REVISED EDITION “Electromagnetic Radiation Protection Solutions” NOW IN PAPERBACK AND KINDLE

 
7- Thunders Revealed” NOW IN PAPERBACK AND KINDLE
 
Special price combo of both books together eBook only

 

The best way to support my work is through Patreon or PayPal

Thank you to my patrons who make my writings possible.  You are each precious soul to my heart. 

I will be a Key Note speaker at:

GenSix True Legends 2020:  Ancient Cataclysms and Coming Catastrophes-Early Bird Special:  SALE PRICE at only $110. Midnight January 31st these will go up to $130 EACH


Celeste has worked as a contractor for Homeland Security and FEMA. Her training and activations include the infamous day of 911, flood and earthquake operations, mass casualty exercises, and numerous other operations. Celeste is FEMA certified and has completed the Professional Development Emergency Management Series.

  • Train-the-Trainer
  • Incident Command
  • Integrated EM: Preparedness, Response, Recovery, Mitigation
  • Emergency Plan Design including all Emergency Support Functions
  • Principles of Emergency Management
  • Developing Volunteer Resources
  • Emergency Planning and Development
  • Leadership and Influence, Decision Making in Crisis
  • Exercise Design and Evaluation
  • Public Assistance Applications
  • Emergency Operations Interface
  • Public Information Officer
  • Flood Fight Operations
  • Domestic Preparedness for Weapons of Mass Destruction
  • Incident Command (ICS-NIMS)
  • Multi-Hazards for Schools
  • Rapid Evaluation of Structures-Earthquakes
  • Weather Spotter for National Weather Service
  • Logistics, Operations, Communications
  • Community Emergency Response Team Leader
  • Behavior Recognition

Celeste grew up in military & governmental home with her father working for the Naval Warfare Center, and later as Assistant Director for Public Lands and Natural Resources, in both Washington State and California.

Celeste also has training and expertise in small agricultural lobbying, Integrative/Functional Medicine, asymmetrical and symmetrical warfare, and Organic Farming.

EMF Protection

My educational eBooks

Prep Resources for the Climate Chaos

Climate Revolution:  The Grand Solar Minimum

Trusted Source CBD Oil