Archive | August, 2015

Post Ashley Madison

Rick Falkvinge writes:

If you don’t build a bridge to best practices, people die. If you don’t build a computer system to best practices, people die. Why is it the vendor’s fault in one case, but not in the other? In other words, why is privacy always your own responsibility, and never the liability of those who promise it to you?

Read more: Ashley Madison: When Will Privacy Breach Liability Be Taken As Seriously As Other Safety Breach Liabilities? »


Industry wants NSA access to European personal data

The EU is in the process of modernising data protection — in the General Data Protection Regulation (GDPR).

One key point is that European personal data stored in Europe should be protected under European law. Companies should be able to deny requests for personal data from non-member countries. Politico.eu explains…

A small section, Article 43a, says companies should not always comply with requests from courts, tribunals and administrative authorities in non-EU countries for the personal data of Europeans. The only exceptions would be under law enforcement treaties or relevant agreements between those countries and the EU, or individual European countries.

This ought to be a no-brainer. But it has turned out to be highly controversial. One reason might be that US intelligence and law enforcement would like to have access to as much as possible. (And sadly they probably will, under other agreements and treaties. But it shouldn’t be the default mode.)

This is the position of the European Parliament. However, EU member states in the European Council are not at all happy with this article. Apparently, their allegiance does not lie with the citizens and European business.

And now the Industry Coalition for Data Protection (ICDP), composed of Big Data, IT and telecoms multinationals, has stepped in to kill Article 43a.

The coalition sent a letter this week to Justice Commissioner Věra Jourová, parliamentary rapporteur Jan Philipp Albrecht MEP, and the Luxembourg presidency of the Council of the EU — the key representatives of the three institutions that are currently negotiating the regulation’s text.

The letter from ICDP said that adopting a “unilateral approach” would create deliberate conflicts of law and severely undermine “both the principles of reciprocity in diplomatic relations as well as the credibility of the EU data protection reform.”

Apparently, these companies are more concerned about their relations with US authorities than data protection.

Politico.eu: Industry issues plea over data reform »

/ HAX


Both hackers and negligent companies to be held responsible for data protection breaches

A US court has decided that companies that are negligent when it comes to data protection can be fined, if hacked.

From a privacy perspective, this is good news. There are far too many cases where companies are so lax when it comes to IT security and data protection that they are just as responsible for privacy breaches as the hackers.

As an example we have the Swedish / Danish cases against Gottfrid Svartholm Warg — totally focused on the alleged hacker but with no serious attention directed towards the broad negligence at the hacked companies. (In this case it seems that some vulnerabilities have not been addressed even after the case has been closed.)

We should also remember that many companies promise more than they can live up to in their privacy policies, thus misleading people. This should open up the possibility of civil litigation.

Hopefully, now companies (and government institutions) will take data protection more seriously.

/ HAX

Link: Court Says the FTC Can Slap Companies for Getting Hacked »


Forking Bitcoin software will only concern miners, not ordinary users

One thing with Internet-related stuff is that people seem to assume that you are a tech wizard. I’m not. I’m into this from a political background. (Free information, free speech, civil rights etc.) I understand some very general basics about computing, but that’s all. Like most people, I use computers and the Internet as tools in my work. I almost never go under the hood.

Now, Bitcoin: a splendid idea! There is a need for a free, non-government controlled method for payments. And again, I get the general idea of how it works. But go into technical details, and I’m completely lost. (However I have great ideas about how to use Bitcoins.)

So, I was somewhat confused as news started to spread about a possible fork in the open source software running Bitcoin. Frankly, all I really understood is that there is a conflict about how best to scale up the system.

There is a lot of information out there. Except one piece of information. What will this mean for me as an ordinary Bitcoin user?

I’m not a miner. I don’t even have the complete Blockchain stuff downloaded to my computer. I just have a Bitcoin wallet with a third party. Like most people, I’m just an ordinary user.

For Bitcoin to gain ground people need to be able to trust the system. And, as you know, there have been some ups and downs in that respect.

So, here I stand, in an ocean of information. But with no answer to how — if at all — I will be affected by the software fork. Will there be two, competing Bitcoin systems? Will I be able to use and receive Bitcoins as usual in the future? Or what?

And I’m not the only one. Trust me.

I have no idea if forking the Bitcoin software is a good idea or not. But I’m absolutely sure that the lack of plain, simple information about what is going on is confusing people. And confusion undermines trust — leading to a slower adoption of the whole Bitcoin concept.

Luckily, I have friends. So I asked Rick Falkvinge. It turned out I don’t need to care. This does not apply to existing Bitcoins. It’s only of interest for miners. Thank you Rick.

But I’m hardly the only one to have been confused today. In the future, it might be a good idea to keep the broad base of ordinary Bitcoin users informed — before you start to meddle with the system. Especially if it in some way might be controversial.

As mentioned, the future of Bitcoin is all about the general public understanding and trusting it.

/ HAX

Note: It seems the fork in the Bitcoin software (regarding the size of the blocks) will only be activated if it is supported by at least 75% of miners.

Some links:
Bigger Blocks Mean More Decentralization for Bitcoin »
The Bitcoin Schism Shows the Genius of Open Source »


Chelsea Manning punished for reading Nobel Peace Prize winner

Whistleblower Chelsea Manning is serving 35 years in prison – for having exposed the truth to the American public.

Manning has just been punished with 21 days of restrictions on her recreational activities, including no access to a gym, a library or the outdoors.

Why? For possessing unapproved reading material and expired toothpaste. The Guardian reports…

“A tube of anti-cavity toothpaste, MKIC, was found in your possession past its expiration date of 9 April 2015. You are involved in violation of ACC Policy Letter 16, using, possessing, handling or storing of medicine, except as authorized by the facility medical staff. Failure to take medication as prescribed by medical staff,” read the charging documents, which were also shared on Manning’s twitter account.

According to Manning other items confiscated from her cell included the memoir I Am Malala by Malala Yousafzai, a novel featuring trans women called A Safe Girl to Love, the LGBT publication Out Magazine, the Caitlyn Jenner issue of Vanity Fair and a copy of Cosmopolitan that included an interview with Manning.

How stupid. How sad. How sinister.

The Guardian: Chelsea Manning found guilty but spared solitary confinement for contraband »


Reclaim democracy!

“If you have nothing to hide, you have nothing to fear.”

The phrase is well known and frequently used by politicians who are in favour of mass surveillance.

First of all, all people have something to hide. And in the unlikely event that someone really has nothing to hide – this person has almost certainly been trusted with secrets by others (such as friends and their employer).

Second, the very same politicians are not at all interested in letting the people know what they themselves are up to. They loathe transparency and openness. Because they do have things to hide.

Let’s take the secretly negotiated EU–US trade agreement, TTIP, as an example. Already it is almost derailed because of the controversial dispute settlement instrument, ISDS. That was something the people were not supposed to know about. EU and US officials are not at all happy that this detail has become publicly known and put into question.

Most parts of the TTIP are still secret. E.g. the IP chapter concerning copyright and its consequences for an open and free internet. By keeping this text under wraps the European Commission and the US administration hope to minimize scrutiny and opposition until the very last moment. (When nothing can be changed.)

Not even the people’s elected representatives in national parliaments and in the European Parliament — the very people who are supposed to approve or reject TTIP — are allowed free access to the latest texts. (Link»)

This is not the way to behave in a democratic society. Instead you should embrace openness, critical analysis and a free debate.

All this secrecy is a very real problem. But what troubles me even more is the blatant double standards. The people are supposed to silently subject themselves to mass surveillance — while our leaders claim the right to conduct their business in secret.

It’s time to reclaim democracy!

/ HAX

Link: Politicians can only view secret trade pact in special viewing room »


Framing Julian Assange

Wikileaks editor in chief Julian Assange is still a refugee at the Ecuadorean embassy in London.

Assange is suspected of sexual misconduct in Sweden. He has not yet been charged with anything. His case has already been dismissed by one Swedish prosecutor — but reopened by another, issuing a European Arrest Warrant to have him interrogated in Sweden. British courts allowed extradition to Sweden, despite Assange fearing that the Swedes might hand him over to the US. (Where a grand jury apparently is preparing a case against him.) Then, Assange jumped bail and was granted political asylum at the Ecuadorean embassy.

I will leave the substance of the Swedish case aside in this blog post. But I can tell you, it’s very thin.

Now the statutory time period for charging Assange with the lesser of the alleged crimes in Sweden is running out. (Other parts of the investigation will remain open for another five years.)

For years Swedish prosecutor Marianne Ny has refused to conduct an interview with Assange in London. (Even before his escape to the Ecuadorean embassy.) She claimed that it cannot be done, that Swedish prosecutors cannot do that. That was a plain lie. (Hell, even I have been interviewed by a Swedish prosecutor abroad.) Swedish courts and even the British government have urged Ms Ny to have this done and over with.

Finally, Friday June 12th this summer, Swedish authorities sent a letter to the Ecuadorean embassy in Sweden — asking for an interview with Assange in London only five days later (including the weekend). To no surprise the embassy in Stockholm, the Ecuadorean government and their embassy in London did not manage to coordinate this in just a few days. So there was no interview.

Now the investigation of the suspected crimes of a lesser degree will be closed. Julian Assange will still be suspected of wrongdoing, in the public view. But not able to clear his name (in these parts) anymore. At the same time the investigations of the remaining suspected crimes will stay open, the European Arrest Warrant will still be in force and Assange will still be stuck at the embassy in London.

A perfect way for various governments to keep an inconvenient journalist in limbo, if you ask me.

/ HAX


If we want more whistleblowers to step forward, we must grant Snowden asylum

Two years ago Edward Snowden exposed NSA global mass surveillance. This was very important – revealing the hidden politics of US, UK and other countries.

But, as a matter of fact, much that was exposed in the Snowden files was known earlier. Known, but without real impact. What Snowden did was to verify this information — forcing the media to report and politicians to react (in a good or bad way).

For some 30-40 years journalist Duncan Campbell has reported on UK surveillance and shady intelligence operations. He is maybe best known for his work on ECHELON — the global surveillance network, whose existence was hard to believe even for civil rights activists. But it turned out he was right. And today, what he told us then is confirmed in the Snowden files. (Read the Duncan Campbell story here. »)

The late Caspar Bowden exposed US mass surveillance and warned the European Parliament about the NSA PRISM programme a year ahead of Snowden blowing the whistle. (Video ») But nobody seems to have taken his warnings seriously enough.

In the US and UK there were scores of whistleblowers before Snowden. (You can listen to some of them in the excellent PBS documentary United States of Secrets. »)

But the mass surveillance controversy didn’t really take off until Snowden.

It had to be done in a very public and newsworthy way. It meant that the whistleblower in question had to leave his life behind and risk everything. It had to involve brave journalists, steadfast publishers and some large media corporations. It had to be done openly, with maximal transparency and standing up to people in powerful positions.

The Snowden files are still very important. But slowly this affair is fading away. The NSA, GCHQ & Co have moved on, developed new methods and adapted to (or circumvented) new rules.

Today, we need more whistleblowers. And we need them to step forward the Snowden way — grabbing the world by the balls.

This is one reason it is so sad that no western democracy seems to be willing to grant Edward Snowden asylum. Because, frankly, who really wants to be stuck in Putin’s Russia? It must be possible to expose the truth and have a future here in the West.

Surely, there must be some politicians in some country willing to stand up for truth, transparency and democratic core values. Or..?

/ HAX


A first sign of an EU ban on encryption?

I noticed that UK Prime Minister Cameron’s idea that governments should be able to circumvent encryption (the “backdoor” concept) has been echoed by the leader of the Swedish parliamentary opposition, the centre-right party’s (Moderaterna) Anna Kinberg Batra.

At a glance this seems to be rather insignificant. But you should know that under the former Swedish centre-right government Sweden established itself as a very close partner to US NSA and British GCHQ. The Snowden files reveal that Sweden (code name: Sardine) is in such close cooperation with the US-led “five eyes coalition” that you could actually talk of a “six eyes coalition”. When the Swedish electronic surveillance organisation Försvarets Radioanstalt (FRA) was given an extended mandate it is said that the US helped the Swedish government to draft the new law. And many of the shady details of the FRA law seem to be copied from the US legislative framework.

The Swedish opposition leader wouldn’t do anything concerning mass surveillance without consulting with the US and the UK. (And the present Swedish red-green government is just as compliant.)

This is what is significant. When Swedish politicians echo what is being said in Washington and London – you can be almost certain that there is some coordinated political action going on. And when it comes to Big Brotherism, Sweden is a really bad influence on other EU member states.

This might very well be the first sign that a ban on encryption is to be coordinated at a European level. (It is open to question if this is within EU competence. But if not, the member states probably will do as usual: Coordinate national legislation after an informal conclusion in the Council.)

/ HAX
