When 27-year-old Samy Kamkar—a security researcher who famously made one million Myspace friends in a single day—heard the announcement on Sunday that Amazon was planning to start delivering packages via drone in 2015, he had an idea. He knew that whenever new technology, like drones, becomes popular quickly, there are bound to be security flaws. And he claims that he found one within 24 hours and promptly exploited it: America, meet the zombie drone that Kamkar says hunts, hacks, and takes over nearby drones. With enough hacks, a user can allegedly control an entire zombie drone army capable of flying in any direction, taking video of your house, or committing mass drone-suicide.
"I've been playing with drones for a few years," Kamkar, who is based in Los Angeles, tells Mother Jones. "I'm sure that with most of the drones out there, if you scrutinize the security, you'll find some kind of vulnerability." Kamkar says that the Amazon announcement was an opportunity to point out that drone security has room for improvement.
Kamkar's hack, also known as "Skyjack," was performed on a Parrot AR Drone 2 (More than 500,000 Parrot drones have been sold since 2010, and it's been used to help collected flight data for the European Space Agency.) It's unknown what kind of drone Amazon will end up using, but these drones have high-definition photo and video, a flying range of about 165 feet, and can be controlled using an iPhone or an iPad. Kamkar equipped his drone with a battery, a wireless transmitter, and a Raspberry Pi computer—the total of which costs about $400, including the drone. Then, he wrote software (which he made available on the open-source website GitHub, for anyone to use) that he says allows his drone to find wireless signals of other Parrot drones in the area and disconnect the wireless connection of another drone's original user, giving Kamkar—or any user with the software—control over both drones. The drones can even be forced to self-deactivate and drop out of the sky. "How fun would it be to take over drones carrying Amazon packages…or take over any other drones, and make them my little zombie drones. Awesome,"writes Kamkar.
Parrot did not respond to request for comment, but the BBC notes that, "experts said Parrot appeared to have ignored well-known guidelines" to prevent this kind of hack. Christopher Budd, a threat communications manager for Trend Micro, a data security company, tells Mother Jones that "reading what he's got, on the face of it, it certainly sounds like a plausible proof-of-concept" but says Parrot still needs to validate it.
Here's a video:
So does this mean that your Amazon blender will be attacked by a hoard of hungry zombie drones? Not necessarily: "Amazon would be able to make drones that are immune to this," Kamkar tells Mother Jones, claiming that the Parrot Drone's wi-fi system is not fully encrypted, which is a security measure that Amazon would be likely to take. (Amazon did not respond to Mother Jones request for comment.) "I just want people to be concerned enough that it forces these drone makers to take an additional look at them. When you have enough people scrutinizing technology, you're going to have added security and added attention, and that's the benefit."
That's certainly how companies have responded to Kamkar's hacks before: After he crippled Myspace in 2005 using what some called the fastest spreading virus up to that point—(he was arrested and convicted under California penal code, and Kamkar says, "community service was a blast!")—Myspace revamped its security procedures. Still, even if Amazon manages to fend off the zombie drones, it faces other obstacles—including states that have banned drones, potential collisions in urban areas, and major privacy concerns.
"Drones are an impressive piece of technology and part of me is super excited whenever I get it outside and fly it around," Kamkar says. "But part of me is a little fearful."
Not a month goes by without former National Security Agency contractor Edward Snowden, unleashing new government surveillance allegations, but on Wednesday, the Washington Post dropped a bombshell: The NSA is tracking cellphones around the world at a rate of almost five billion records per day. This revelation is particularly shocking because it affirms fears that the government is keeping tabs on the physical location of Americans. The newspaper notes that in terms of potential impact on privacy, the location-tracking report may be "unsurpassed." Here's five things you need to know from the mind-boggling new report:
1. The NSA can find you in a hotel and can probably tell if you're having an affair:
Cellphones broadcast location data to towers even when they're not being used or the GPS is turned off. The NSA gets cellphone location data by "tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones." This allows the agency to keep tabs on someone, even if he or she travels abroad with a cellphone, "into confidential business meetings or personal visits to medical facilities, hotel rooms, private homes and other traditionally protected spaces." Once the NSA has that information, it can use it to figure out who a person is visiting, where, and how often.
2. Americans are definitely being tracked, but providing the exact number is "awkward:"
Like other programs revealed by Snowden, this one is intended for foreign intelligence but nonetheless collects Americans' data, allegedly by accident. The Snowden documents do not reveal how many Americans are targeted at home and abroad. Intelligence officials told the paper that the agency can't calculate how many, and "it's awkward for us to try to provide any specific numbers." (Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, confirmed to the Post that information isn't collected in bulk on cellphones in the United States "intentionally.")
3. All the collected location data wouldn't fit in the Library of Congress:
From the Post: "27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection."
4. Don't bother trying to hide. The NSA knows if you're trying to avoid them:
From the Post: "Like encryption and anonymity tools online, which are used by dissidents, journalists and terrorists alike, security-minded behavior — using disposable cellphones and switching them on only long enough to make brief calls — marks a user for special scrutiny...for example, when a new telephone connects to a cell tower soon after another nearby device is used for the last time." And Chris Soghoian, principal technologist at the American Civil Liberties Union, told the Post that "the only way to hide your location is to disconnect from our modern communication system and live in a cave."
5. And you don't need to be a suspect to be targeted:
This is the big one—"A central feature of each of these tools is that they do not rely on knowing a particular target in advance, or even suspecting one. They operate on the full universe of data in the NSA’s [repository] which stores trillions of metadata records, of which a large but unknown fraction include locations," wrote the Post. An intelligence lawyer said that the data collection is not covered by the Fourth Amendment, which outlaws unreasonable searches and seizures.
"It looks like science fiction, but it's real." That's how Amazon, the online retailing giant, describes its new plan to deliver blenders, spice racks, and sex toys in 30 minutes or less via drone. On Sunday, CEO Jeff Bezos announced that his company is in the process of testing these new delivery drones and aims to have them ready by the time the Federal Aviation Administration (FAA) is expected to open up US airspace to unmanned aerial vehicles in 2015. But after that date, Amazon's blender-delivering drones will still face big obstacles, such as the states and cities that are hostile towards drone use; potential accidents with passenger planes; GPS and privacy concerns; and roving bands of laser-wielding package bandits.
While many states are vying for the right to be official FAA drone test sites, others are doing their best to make their skies unwelcome to drones. Both Idaho and Texas have passed laws that restrict private citizens from using drones to take photos—and it's likely that Amazon drones will need to be equipped with cameras, according to the Washington Post. Another seven states have jumped on the drone-banning bandwagon, by stopping law enforcement (but not private companies) from using them for surveillance. There are also a number of cities and counties that are considering making their air spaces "drone-free zones." Charlottesville, Virginia, Iowa City, Iowa, and St. Bonifacius, Minnesota, have banned drones for at least two years. Syracuse, New York, considered a bill in October that would have banned drones but decided to hold it until the FAA regulations shake out. And a Colorado town even considered issuing drone-hunting licenses.
Here's a map showing which states have passed legislation restricting drone use, put together with help from the National Conference of State Legislatures and the ACLU. Many other states have introduced bills that are still under consideration, so check your own state legislature for more information:
Currently, FAA rules prohibit drones from carrying people or property for compensation and only allow them for "important missions in the public interest" like search and rescue, patrolling the border, and firefighting. Unmanned aircraft are also prohibited from airspace over major urban areas—because of a higher likelihood of accidents with traditional aircraft, and other obstacles, such as buildings and power lines. When the FAA lifts drone restrictions in 2015, Amazon drones would likely be traveling in urban areas, given that they can only fly within 10 miles of a distribution center, many of which are located in the suburbs of major cities. But cities aren't likely to be any less dense in two years, raising the possibility of collisions. The FAA is still working on how to safely implement drones in urban areas—particularly by employing sensor technology—but it's still a legitimate concern, given that drones have already crashed into a lake, a Navy ship, and Manhattan.
If Amazon can find a way to make drones work while avoiding cities or airplane flight paths, the company would still need to implement very precise GPS directions to ensure each package goes to the right place. (In many places, a foot or two can mean the difference between your front door and the sidewalk.) The Washington Post points out that technology isn't precise enough yet to let drones fly themselves, so one option would be to have pilots fly drones via computer, to avoid GPS mishaps. But that would require them all to have cameras, creating a slew of new privacy concerns: "We need rules so that we can enjoy the benefits of this technology without becoming closer to a surveillance state," saysAllie Bohm, an advocacy and policy strategist for the ACLU.
Finally, there's also the prospect of thievery. All it could take is an effective drone-destroyer—a hunting rifle? laser weapon? laser pointer?—for a bandit to be watching your movies, wearing your slippers, and making smoothies in your blender. Amazon claims that by 2015, it "will be ready" to unleash delivery drones in US skies—but America probably won't be.
Perhaps nothing is more emblematic of the frustration Americans felt during the October government shutdown, which cost the economy an estimated $24 billion, than the furor over the shuttering of more than 400 federal national parks. Republicans accused Democrats of keeping veterans from seeing the World War II monument in Washington, DC. Democrats blamed the Republicans (who effectively held the nation's budget hostage for 16 days until they couldn't politically afford to anymore) of seizing the park issue to distract from the economy. But now, the US National Park Service—which lost $450,000 a day in park entry and activity fees during the shutdown—has a new message for Congress: No, we're not going prepare for another government shutdown, because you need to do your job.
The smack-down took place at a hearing last week before the House Subcommittee on Public Lands and Environmental Regulation, which weighed in on a new bill introduced by Rep. Chris Stewart (R-Utah) in October. The Provide Access and Retain Continuity (PARC) Act, which has 17 Republican co-sponsors, would allow states to keep national parks operating in the event of another shutdown and would make them eligible for reimbursement by the federal government. (During the shutdown, six states entered into a similar agreement.) Right now, the government is only funded until January 15, meaning that Republicans could potentially pull the same shenanigans all over again in 2014. Stewart tells Mother Jones, "This bill is designed to provide some safeguards to local communities that rely heavily on access to public lands in the event that a shutdown does occur."
According to a National Park Service spokesman, more than 11 million people were unable to visit parks during the shutdown, and the park service lost about $7 million in park entry fees. The Park Service also estimates that communities within 60 miles of a national park suffered a collective negative economic impact of $76 million for each day of the shutdown. But Bruce Sheaffer, Comptroller of the National Park Service,testified that the agency "strongly opposes the bill." He said:
We have a great deal of sympathy for the businesses and communities that experienced a disruption of activity and loss of revenue during last month’s government shutdown and that stand to lose more if there is another funding lapse in the future. However, rather than only protecting certain narrow sectors of the economy...from the effects of a government shutdown in the future, Congress should protect all sectors of the economy by enacting appropriations on time, so as to avoid any future shutdowns.
Sheaffer took issue with other parts of the bill, noting that forcing the Park Service to rely on state revenue would be "a poor use of already strained departmental resources" and would "seriously undermine the longstanding framework established by Congress for the management of federal lands." While Sheaffer didn't object to another GOP-backed bill on the table—the Protecting States, Opening National Parks Act, which would reimburse states for National Park expenses incurred during the October shutdown—he concluded that planning for another shutdown "is not a responsible alternative to simply making the political commitment to provide appropriations for all the vital functions the federal government performs."
Scheaffer's position had support from Rep. Raul Grijalva, (D-Ariz.), who told Cronkite News Serviceat the hearing, "We shouldn’t be coming up with doomsday preparations." But Stewart says, "The [Park Service] opposition is odd and misses the point. Of course the preferred course of action is to avoid future lapses in funding." He adds, "While I cannot predict the future, I do not anticipate another shutdown during the 113th Congress."
When Mother Jones asked the National Park service whether it considered the GOP's fixation on funding national parks a way to deflect blame away from the shutdown, a spokesman said, "Your question asks us to speculate on an issue. We don't do that."
Aruna, 19, recalls that her bosses at the mill “said that we would get less work if we slept with them.”
ARUNA, A 19-YEAR-OLD NURSE I met in the southern Indian state of Tamil Nadu, is a lot like some of my friends in Washington, DC—bright, single, self-assured, loves her job. She speaks quickly and eloquently, not stopping to drink her tea and hardly ever even pausing to breathe. When I first meet her in Coimbatore, a city known for its textile industry, she is on her lunch break, wearing her freshly starched white uniform and a traditional red bindi dot on her forehead.
If Aruna were one of my friends in DC, no one would be asking her why she isn't hitched yet. But in Aruna's home village, if you haven't secured a husband by your early 20s, you're in for a hard ride. "In India, a woman is auspicious because she is married," says Srimati Basu, an associate professor at the University of Kentucky who is an expert on the status of women in India. "Lack of marriage is horrible for the person, the family, and the community."
In order to get married, Tamil village girls like Aruna need at least three gold British sovereigns—bullion is the preferred currency for dowries—the equivalent of about $1,200. Together, Aruna's parents make a little less than $400 a year.
As a child, Aruna dreamed of going to college. But by the time she was 15, when her government-subsidized schooling ended, she understood that she was too poor. Then, a stranger promised to change her life. He offered her a job at a textile factory that has supplied companies including, until recently, UK-based maternity wear maker Mothercare. Her pay would be about $105 a month—enough for food for her family, her further education, and most importantly, the chance to build a dowry.
Sometimes girls would disappear, and everyone would speculate whether they'd died or escaped.
When Aruna arrived at the factory, about 40 miles from her home, she found a vast facility where close to 1,000 girls, many in their teens, lived 10 or 15 to a room. From 8 a.m. till 10 p.m. every day, including weekends, she fed and monitored rusty machines that spun raw cotton into yarn. Her bosses often woke her in the middle of the night because, she recalls, there was "always some sort of work, 24 hours a day." Aruna made just a quarter of the $105 a month she was promised, about $0.84 a day.
Aruna shows me a scar on her hand, more than an inch long, where a machine cut her. She often saw girls faint from standing for too long. One had her hair ripped out when it got caught in a machine. Others were molested by their supervisors. "They said we would get less work if we slept with them," Aruna says. Sometimes girls would disappear, and everyone would speculate whether they'd died or escaped. Still, she needed the money, so she worked there for two years. After she left, a garment workers advocacy organization called Care-T helped her get her current job at the hospital, where she is slowly saving up for a dowry. When I ask if she still has her sights set on college, Aruna shakes her head and tears fill her eyes. But almost instantly, she wipes them away. There's no point thinking about that, since she already has a steady income. "I like my job at the hospital now," she says. Most of her friends are still working at the factory. (The names of Aruna and other former factory workers have been changed to protect them from retaliation.)
In Tamil Nadu, many people know a girl like Aruna, someone who has been lured to work in the garment factories with the promise of earning a dowry. The scheme is so common that it even has a name: sumangali, the Tamil word for "happily married woman." A 2011 report by the Dutch watchdog groups Centre for Research on Multinational Corporations and India Committee of the Netherlands found that sumangali factories employed an estimated 120,000 workers, some as young as 13, and supplied dozens of international companies, including Gap (which denied the allegation), H&M, American Eagle Outfitters, and Tommy Hilfiger.
In the village I am told to look for "the girls with alcoholic and missing fathers," because "that’s where the recruiters are looking."
Last April's building collapse in Bangladesh's Rana Plaza, which killed more than 1,000, briefly drew attention to the plight of garment workers. India is an even larger global player than Bangladesh: It's the third-largest textile and garment exporter in the world (after China and the European Union), with about $29 billion in 2012 sales. Between June 2012 and June 2013, the United States imported about $2.2 billion worth of cotton clothing from India, and that number is expected to grow as India ramps up its textile industry.
In the garment industry the world over, it is common for workers to be locked into exploitative conditions until they fulfill contracts. But in India, the dowry tradition—which persists even though it's officially illegal—makes teenage girls especially vulnerable to these schemes. In part because of this, India has comparatively strong child labor regulations: It's illegal for children younger than 14 to work in factories there, and all workers must be paid double for overtime. Enforcing those laws, however, is another matter. Factories go to great lengths to cover up illegal practices. (Aruna recalls that when inspectors would come—she didn't know whether they were government or company auditors—factory supervisors would shove the younger girls into a special wing. If they were found, they were told to say that they were 18.)
And workers themselves hardly ever report abuse, in part because many come from lower castes, including the dalit, or untouchables. "People don't take up these issues with factory management because they are afraid of losing income and afraid of possible retaliation because they are in a vulnerable position in society," says Heather White, a fellow at Harvard's center for ethics who has researched global clothing supply chains. In her interviews with factory workers, she says she heard about "numerous cases of sexual harassment, which normally in the factory worker context means rape."
In 2012, the workers' rights group Fair Labor Association examined the cases of 78 sumangali workers who, at dozens of factories, had committed to work for three years. Of the 34 girls who did not complete their contracts, 4 died from accident or illness, 11 were forced to leave due to health problems, 17 were taken home by their parents, and 2 left on their own. Twenty were still working at the time of the FLA interviews, and 24 had completed their contracts. Several other NGOs confirmed that it's very common for girls to not complete their contracts and that on-the-job accidents and even deaths are not at all unusual.
A tea plantation in a village where factory recruiters target girls from poor families
Although some of the workers told the interviewers that they had been sexually harassed by supervisors, the report's authors noted that girls rarely report such incidents because doing so could affect their marriage prospects—and is unlikely to bring results in court, anyway. While reported cases of rape in India have been on the rise, the conviction rate—less than 27 percent—has dipped over the last decade, and victims who go to the police have been known to be raped by them as well.
Despite the growing evidence that abuse is common in sumangali factories, most Western companies have not yet eliminated the practice from their supply chains. A major American trade group, the United States Association of Importers of Textiles and Apparel (USA-ITA), has pressured suppliers in other parts of the world to clean up bad labor practices; it recently convinced Bangladesh to pass a binding five-year plan to increase the number of inspections and improve worker safety training. Yet when I asked Samantha Sault, the group's spokeswoman, about sumangali factories, she said, "We have not been aware of the labor practices that you describe." She added that it sounded "disturbing."
SINNATHAMBY PRITHIVIRAJ is a gruff, heavyset man who heads Care-T, the group that helped Aruna find her nursing job. For a decade he has been working with sumangali girls from his office in Coimbatore; he has helped 1,600 of them find work after returning from stints in the factories. If I want to see where the girls come from, he says, I need to go to Aruna's home village, where he's seen an uptick in recruitment recently. He says I should look for "the girls with alcoholic and missing fathers," because "that's where the recruiters are looking."
We set out early the next morning, driving south through heavy traffic past unfinished strip malls and gated textile factories. Getting to the village—a tea-growing area of 71,000 residents, with settlements clustered around 56 different estates—requires a fearless driver managing a rickety stick shift on tight hairpin turns and a healthy tolerance for the 2,000-foot elevation gain. We repeatedly stop the car to let our guide vomit. When we arrive, we see the tea blooming in neon-green tufts straight out of Dr. Seuss. Most of the tea workers are from the lower castes and make about $3 per day; it costs a month's salary just to outfit a child with books and a uniform for school. "We can't give all our children food and schooling, so we sacrifice one child's future for the others," one mother tells me. "In these jobs, girls are preferred, so girls go."
When I arrive at Care-T's office in the village, I am greeted by Julia Jayrosa, the organization's 31-year-old coordinator, in a small room packed with a dozen women and their children. Jayrosa, who seems to have boundless energy and speaks so quickly that I have to beg her to slow down, makes it her business to know what's happening in every house in the village. She tells me there are at least 800 girls from here working in sumangali arrangements right now. Agents are paid $34 to $50 for every worker they recruit to the mills, she says, showing me a bright pink poster that was distributed around the village in May. It promises that in the factories, girls will get part-time education, private bedrooms, and excellent pay. Jayrosa is afraid of the agents and fears that they might shut down her meager business: She provides space for several dozen former factory workers to use their stitching skills and sell their own garments in the village. Her main concern right now is raising enough money to get the women a bathroom, so they don't have to keep going in the jungle.
I spend the day with Jayrosa, talking to the villagers who come in and out of the office. I meet five former sumangali girls, as well as three mothers and a father who sent their daughters to the factories. I talk to a woman who had a miscarriage at a factory because she had to stand so long in the heat, and another who tells me that sexual harassment was rampant in her factory, but "you have to be smart enough not to fall for their tricks."
"We sell to American and European companies!" says the mill boss. "What gives you the right to think you can take photos here?"
At dusk, I meet a girl named Selvi, whose family invites me to their home. At 20, Selvi looks no older than an American middle-schooler, and she weighs 85 pounds. She is shy, quiet, and doesn't often make eye contact. She says she spent the last two years doing stitching for a factory. The recruiter promised her 250 rupees (about $4) per shift, but she says she made only 150 (about $2.50) plus overtime of 15 rupees per hour—even though the legal overtime requirement is twice her hourly pay, or 34 rupees per hour.
The company that owns the factory where Selvi worked has supplied clothing to Mothercare, Walmart, H&M, and the Children's Place. H&M reports that it found no evidence of sumangali workers in its recent audits of three of the company's factories. In 2011, however, the workers' rights group Anti-Slavery International found that the company that runs the factory where Selvi worked was paying workers less than half of what they were promised, sometimes withholding a portion of pay until the workers completed their contracts, monitoring the girls' phone calls, and refusing to let parents visit their children. (The company denies these allegations, and Selvi was allowed to collect her pay and take leave from the factory in March because of problems with her thyroid. She plans to go back to work as soon as she gets better.)