Archive | September, 2015

Some links…

The Intercept: PROFILED – From Radio to Porn, British Spies Track Web Users’ Online Identities »

Falkvinge: GCHQ Is Building A Stasi Archive On Steroids: Why Are People Still Surprised? »

EU Law Analysis: American Mass Surveillance of EU citizens: Is the End Nigh? »

Netzpolitik: Strategic Initiative Technology: We Unveil the BND Plans to Upgrade its Surveillance Technology for 300 Million Euros »

The Daily Dot: FBI and DEA under review for use of NSA mass surveillance data »

TorrentFreak: Pirate Bay Founder Finally Free After Three Years »


UN proposes web policing and licensing for social networks

The United Nations Broadband Commission for Digital Development just made some controversial and disputable recommendations. They want social networks and platforms to police the Internet and to be “proactive” against harassment and violence against women and girls. Only web platforms doing so should be licensed.

Washington Post reports…

“The respect for and security of girls and women must at all times be front and center,” the report reads, not only for those “producing and providing the content,” but also everyone with any role in shaping the “technical backbone and enabling environment of our digital society.”

How that would actually work, we don’t know; the report is light on concrete, actionable policy. But it repeatedly suggests both that social networks need to opt-in to stronger anti-harassment regimes and that governments need to enforce them proactively.

At one point toward the end of the paper, the U.N. panel concludes that “political and governmental bodies need to use their licensing prerogative” to better protect human and women’s rights, only granting licenses to “those Telecoms and search engines” that “supervise content and its dissemination.”

This is bad, in so many ways.

It is a well-established principle that internet service providers and social networks are not responsible for what their users do. (Mere conduit.) Now, the UN Broadband Commission wants to throw that principle out the window. Meaning that concerned parties will have to monitor everything every user do — to be able to police the net in line with the commissions recommendations.

Then there is the idea of licensing social networks. This is a terrible idea, unacceptable in a democratic society. Period.

And knowing the modus operandi of the UN — you cannot rule out that this report is being encouraged by UN member states with a general interest in limiting a free and open internet.

One might also question the principle that “the respect for and security of girls and women must at all times be front and center”. First of all, everyone deserves respect and security. Second, it is very dangerous to give different groups different rights, advantages or treatment. Everyone should have the same rights and be treated the same way by government.

A final reason to keep this door closed is that “respect” and “harassment” are relative terms. This is often in the eye of the beholder. There is a tendency in some circles to label all dissent as harassment. And then we have the “trigger warning” discussion, with countless examples of claims of annoyance and inconvenience used to limit freedom of speech.

Regardless of whether you think those are worthwhile ends, the implications are huge: It’s an attempt to transform the Web from a libertarian free-for-all to some kind of enforced social commons.

This UN report is ill thought out and dangerous for democracy.


Washington Post: The United Nations has a radical, dangerous vision for the future of the Web »


The strengths of Bitcoin vs. old currencies

So, people say Bitcoin (and Blockchain) is difficult to understand? Well, not if you compare it to our traditional monetary system.

The growth of the number of Bitcoins is foreseeable and limited. At the same time the Fed, the ECB, Bank of England and other central banks can print as much money as they want. And they do, on an unsound scale.

There is a well established procedure for mining Bitcoins. When it comes to the USD, EUR, GBP and other common currencies — they are created out of thin air by central and local banks in an endless debt loop.

The “value” of Bitcoins might be a bit volatile. At the same time old currencies are constantly sliding downhill, with inflation making peoples money and wages worth less. (Thus imposing a stealth tax on the people.) With the limited influx of new Bitcoins (and while being adopted by more and more people and business) their value should steadily increase.

Some argue that there is no underlying value of Bitcoin, but trust. The same can be said about all old currencies. For example, the USD left (what was left of) the coupling to gold in 1973. (Since then inflation has made things ten times more expensive, in absolute terms. During the same time the total money supply has increased 80 times.) And trust is much better upheld in the Blockchain than in banks computers and spreadsheets.

Talking about trust: Bitcoins cannot be controlled or manipulated by banks, central banks or governments. Given that traditional currencies in turmoil obviously results in banks being closed, caps on withdrawals and confiscation of bank deposits (like in Cyprus) — Bitcoins may in some situations be the only usable currency.

More and more people are realising that the old monetary system is questionable and possibly unsustainable. So, I would not be surprised if the Bitcoin Moment will arrive shortly.



Too Cute to Die?

CO5KMaDWIAAfq9QThe medieval-style regime in Saudi Arabia continues to disregard human rights in the most terrifying ways.

The past year the world have learned about the Saudi blogger Raif Badawi, sentenced to ten years in prison and 1,000 lashes for writing critical texts about the religions hold on Saudi society. This has lead to an outcry of anger, distress and frustration around the world.

As if that isn’t horrific and appalling enough, the Saudis now have sentenced another young man — Ali Mohammed al-Nimr — to death, to be beheaded and crucified on politically motivated grounds. World.mic reports…

In 2012, Ali Mohammed al-Nimr, then 17, was arrested in the country’s Qatif province on reportedly shaky charges of illegal protesting and gun possession, the International Business Times reported Wednesday. There was never any evidence to support the guns charge.

After being arrested, al-Nimr was held in jail and not allowed to speak to a lawyer. According to the British legal aid group Reprieve, al-Nimr was subject to torture to extract a forced confession. A closed appeals process — which he was not invited to and occurred without his knowledge — dismissed any remaining possibility that the nation’s legal system would prevent his biblical execution.

“No one should have to go through the ordeal Ali has suffered — torture, forced ‘confession’ and an unfair, secret trial process, resulting in a sentence of death by ‘crucifixion,'” Maya Foa, director of Reprieve, said in a statement.

Al-Nimr was reportedly targeted because his uncle, Sheikh Nimr al-Nimr, is a noted critic of the kingdom…

This is nightmarish. Trumped up charges, no rule of law, no respect for human rights or human life. The Saudis are murderous bastards.

It might be a bit cynic, but I hope this case will be an Aylan Kurdi moment for the world. Here we have a good looking and seemingly likeable young man going to be murdered in the most barbaric way by a totalitarian regime.

This might, and should, send chock waves of outrage around the world!

Yes, looks matter. One might think what one likes about that, but that is the way it is. So let’s use the puppy trick — Al-Nimirs sympathetic appearance — to outrage the world and to shame the Saudi regime. It might stop his execution. It might increase the pressure on Saudi Arabia on human rights issues. It might lead to the Saudis halting their killing spree, as the rest of the world won’t have it anymore (and the Saudis are dependent of the rest of the world). And it might save many others, not blessed with a winning look and global media attention.

Enough is enough. Let’s show some global outrage! Free Raif Badawi and Ali Mohammed al-Nimr!


(BTW: Did I mention that Saudi Arabia will be elected chair of UN Human Rights Council Panel?)

• Who is Ali Mohammed al-Nimr and why is Saudi Arabia planning to behead and crucify him? »
• Saudi Teenager Ali Mohammed al-Nimr Has Been Sentenced to Death by Crucifixion »
• Saudi prisoner, arrested at age 17, faces death by crucifixion »




European Commission tries to evade Data Retention squabble

In April last year the European Court of Justice (ECJ) invalidated the EU Data Retention directive. The court found it to be in breach with human rights to collect and store data about all citizens all telecommunications.

Since then some countries have backed down from the idea, some (like Germany) are trying to go forward with some form of Data Retention “light” and some EU states (like Sweden) tries to ignore the ECJ ruling all together, continuing the practice as if nothing happened.

In a rather unexpected statement today, the European Commission (EC) tries to duck out of this controversy.

As the European Commission has repeatedly said since the European Court of Justice annulled the EU Data Retention Directive: the decision of whether or not to introduce national data retention laws is a national decision. The European Commission has no intention to go back on this statement or reopen old discussions.

We are aware that data retention is often the subject of a very sensitive, ideological debate and that sometimes there can be a temptation to draw the European Commission into these debates. The European Commission is not ready to play this game.

We have been very clear that the Commission is not coming forward with any new initiatives on Data Retention. In the absence of EU rules, Member States are free to maintain their current data retention systems or set up new ones, providing of course they comply with basic principles under EU law, such as those contained in the ePrivacy Directive.

We are therefore neither opposing, nor advocating the introduction of national data retention laws.

Link: European Commission statement on national data retention laws »

It’s easy to understand that the Commission would like to keep away from this dispute. But what the EC says in the statement is not self-evident.

The ECJ invalidated the directive on the basis that it is in breach with human rights, such as they are defined in the EU Charter of Fundamental Rights and the European Convention on Human Rights.

And if Data Retention was unacceptable as an EU directive, it should also be unacceptable as national law in EU member states. The principal problem with Data Retention is the same, regardless.

Now, both the EU Charter of Fundamental Rights and the European Convention on Human Rights are parts of the EU treaties. And the EC is the Guardian of the Treaties. Hence, the EC should have an obligation to uphold the ECJ ruling on Data Retention — in all of the EU, at all levels.

But it won’t. As usual in the EU, rules and treaties only apply when in line with what the EU elite wants.


Update: The EU eService Directive mentioned in the statement | Wikipedia » | Eur-Lex »


Privacy policies invalid when companies go bust?

Washington Post has this interesting story: Bankrupt RadioShack wants to sell off user data. But the bigger risk is if a Facebook or Google goes bust. »

The headline speaks for itself. And apparently, also companies like Google and Facebook have some sort of open-ended privacy policies.

In its privacy policy, Google says that if the company is “involved in a merger, acquisition or asset sale” it would continue to safeguard the confidentiality of its users. Users would be notified before their personal information ends up in new hands, the policy says.

Facebook’s data policy is a little more open-ended: “If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner.”

The difference is not if personal data might change hands, but if you are going to be told about it.

This ought to be something for the EU to tackle in its new data protection package.


EU-US data protection agreement: Good news or bad?

The EU and US have reached a data protection “Umbrella agreement”.

The spin in the news is “EU citizens will have the right to sue US in case of privacy breaches”. (Link»)

And on the European Commissions web site eurocrats are trying to white wash the agreement. (Link»)

What is the EU-US data protection “Umbrella Agreement”?

The EU-US data protection “Umbrella Agreement” puts in place a comprehensive high-level data protection framework for EU-US law enforcement cooperation. The Agreement covers all personal data (for example names, addresses, criminal records) exchanged between the EU and the U.S. for the purpose of prevention, detection, investigation and prosecution of criminal offences, including terrorism.

The Umbrella Agreement will provide safeguards and guarantees of lawfulness for data transfers, thereby strengthening fundamental rights, facilitating EU-U.S. law enforcement cooperation and restoring trust.

In particular, EU citizens will benefit from equal treatment: they will have the same judicial redress rights as US citizens in case of privacy breaches. This point was outlined by President Juncker in his political guidelines, when he stated: “The United States must […] guarantee that all EU citizens have the right to enforce data protection rights in U.S. courts, whether or not they reside on U.S. soil. Removing such discrimination will be essential for restoring trust in transatlantic relations”

Given the current, rather lawless, situation this is a step in the right direction.

But in a wider perspective, this might be bad news: It will open the flood gates when it comes to EU transferring sensitive personal data (e.g. concerning air traffic passenger information and European bank transfers) to the US. And this will serve as an argument for the European Commission to ignore the European Parliaments call to repeal the much criticized and abused Terrorist Finance Tracking Program.

So, at the end of the day, this will be a carte blanche to transfer sensitive European personal data to the US. I’m not sure that is a good thing.


Update: The agreement has been leaked. Link 1 » | Link 2 »


EU: Parliament just came out in favour of Snowden, open-source, encryption, digital freedom and anonymity

Today, the European Parliament adopted a resolution called “Human rights and technology in third countries” (2014/2232(INI)).

This is just a resolution, not legislation, but very interesting nevertheless. The European Parliament…

3. Believes that the active complicity of certain EU Member States in the NSA’s mass surveillance of citizens and spying on political leaders, as revealed by Edward Snowden, has caused serious damage to the credibility of the EU’s human rights policy and has undermined global trust in the benefits of ICTs;

Shame on the Brits, French, Germans and Swedes. (And several others.)

6. Calls for the active development and dissemination of technologies that help protect human rights and facilitate people´s digital rights and freedoms as well as their security, and that promote best practices and appropriate legislative frameworks, while guaranteeing the security and integrity of personal data; urges, in particular, the EU and its Member States to promote the global use and development of open standards, and of free and open-source software and cryptographic technologies;

Nice. This is one we should remind the European Parliament about over and over again–when it tries to make decisions going in the other direction.

9. Urges the EU itself, and in particular the EEAS, to use encryption in its communications with human rights defenders, to avoid putting defenders at risk and to protect its own communications with outsiders from surveillance;

Welcome to the real world.

10. Calls on the EU to adopt free and open-source software, and to encourage other actors to do so, as such software provides for better security and for greater respect for human rights;

This is not the first time the EP makes such a statement. But real progress seems to be very slow.

14. Draws attention to the plight of whistleblowers and their supporters, including journalists, following their revelations of abusive surveillance practices in third countries; believes that such individuals should be considered human rights defenders and that, as such, they deserve the EU’s protection, as required under the EU Guidelines on Human Rights Defenders; reiterates its call on the Commission and the Member States to examine thoroughly the possibility of granting whistleblowers international protection from prosecution;

65. Calls for the scope for international protection of whistleblowers to be extended, and encourages the Member States to table laws to protect whistleblowers;

Very nice. But still, no EU member state is prepared to grant Edward Snowden refuge or asylum.

19. Calls for the inclusion of clauses in all agreements with third countries that refer explicitly to the need to promote, guarantee and respect digital freedoms, net neutrality, uncensored and unrestricted access to the internet, privacy rights and the protection of data;

So, if the EU-US Trade Agreement (TTIP) will include copyright enforcement threatening digital freedom and privacy–the EP will vote no?

We must be sure to make a note of that one. And the next…

20. Urges the EU to counter the criminalisation of human rights defenders’ use of encryption, censorship-bypassing and privacy tools, by refusing to limit the use of encryption within the EU, and to challenge third-country governments that level such charges against human rights defenders;

21. Urges the EU to counter the criminalisation of the use of encryption, anti-censorship and privacy tools by refusing to limit the use of encryption within the EU, and by challenging third-country governments that criminalise such tools;

61. Calls for each individual to be entitled to encryption, and for the conditions needed to allow encryption to be created; takes the view that controls should be a matter for the end user, who will need the skills required to carry out such controls properly;

62. Calls for the introduction of ‘end to end’ encryption standards as a matter of course for all communication services, so as to make it more difficult for governments, intelligence agencies and surveillance bodies to read content;

As far as I can understand, the European Parliament just came out strongly against a ban on encryption.

27. Considers mass surveillance that is not justified by a heightened risk of terrorist attacks and threats to be in violation of the principles of necessity and proportionality, and, therefore, a violation of human rights;

63. Emphasises the special responsibility of government intelligence services to build trust, and calls for an end to mass surveillance; considers that the monitoring of European citizens through domestic and foreign intelligence services must be addressed and stopped;

So, what’s about EU member states continuing data retention?

40. Calls for the development of policies to regulate the sales of zero-day exploits and vulnerabilities to avoid their being used for cyber-attacks, or for unauthorised access to devices leading to human rights violations, without such regulations having a meaningful impact on academic and otherwise bona fide security research;

In your face, NSA…

45. Condemns the weakening and undermining of encryption protocols and products, particularly by intelligence services seeking to intercept encrypted communications;

…and the GCHQ.

46. Warns against the privatisation of law enforcement through internet companies and ISPs;

This ought to be seen as a clear warning not to go down that road in the TTIP.

49. Calls explicitly for the promotion of tools enabling the anonymous and/or pseudonymous use of the internet, and challenges the one-sided view that such tools serve only to allow criminal activities, and not to empower human rights activists beyond and within the EU;

Actually, I’m overwhelmed. But then again, this is not legislation.

However all of the above can be very useful as a reminder when the EU Commission and Council tries to get the Parliament to do the opposite. Or when the Parliament suddenly goes bananas on its own. (It frequently does. It surely will happen again very soon.)

The text as PDF »