Archive | December, 2015

The normalisation of mass surveillance

Once upon a time, there were rumors about a global surveillance network — Echelon. When the European Parliament decided to look into the matter, it turned out it did indeed exist. For years to follow there were rumors about US intelligence organisation NSA and its new capabilities to “collect it all”. And a few years ago, the Snowden documents exposed exactly that.

Then followed a state of resignation.

In 2013/14, it was brought to light that the NSA might have compromised the international clearing system for bank transfers, European run SWIFT. It’s a bit odd, as the US can have as much information about European bank transfers as they want, in accordance with the EU-US TFTP agreement. Newer the less, there were strong indications of something going on. This time the European police agency, Europol, didn’t even bother to look into the matter. In a European Parliament hearing Europol director Bob Wainwright explicitly said so. (The hearing is quite surreal. It’s all on video here. »)

In Germany, politicians softened their tone against the US/NSA when threatened with limited access to US intelligence. It also turned out that under the level of political polemic, the BND had been working very closely with the NSA all the time. And in Sweden, according to the Snowden files, SIGINT organisation FRA has access to NSA superdatabase XKeyscore. Swedish politicians (including the Greens, who are now in government) will not even comment on the legality of this.

The European Court of Justice has invalidated the EU data retention directive, finding it in breach of fundamental human rights. Never the less most EU member states are upholding (and in some cases implementing) data retention, leading national constitutional courts to object. But data retention fits well with US surveillance systems, so it seems to be less important if it is legal or not.

I could go on, but I better get to my point.

Politicians and intelligence bureaucrats are sending some pretty clear signals these days. They do not care about what is legal or not legal. They do not care if being exposed. They do not even comment on issues that ought to be fundamental in a democracy. The message is: This is the way it is. Live with it.

If there was ever need for a broad political movement against mass surveillance, it is now.



EU to coordinate member state intelligence?

(EU Counter-Terrorism Coordinator) De Kerchove, who stressed in front of the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) earlier this year to “never let a serious crisis go to waste”, now told the European Observer that “[y]ou don’t want people to know (…) that you have Big Brother interception by satellite or that you have people infiltrating computers”.

EDRi: EU encourages cooperation between intelligence agencies »


Crypto wars, the simple truth

“To put it bluntly: the call to provide law enforcement (or, anyone) exceptional access to communications and content poses a grave threat to the future of the Internet. It is simply not possible to give the good guys the access they want without letting the bad guys in. There’s nothing new or novel in this statement. Experts have been saying the same thing for 20 years. While the message is old, with the integration of Internet technologies into nearly all aspects of life, the stakes are higher than they’ve ever been.”

Meredith Whittaker and Ben Laurie: Wanting It Bad Enough Won’t Make It Work: Why Adding Backdoors and Weakening Encryption Threatens the Internet »


The real danger with state spy trojans

A state trojan is when a government authority places a secret, hidden spy program on your computer, smartphone, tablet or server. It can be used to monitor everything you do. No matter if you use encryption or safe messaging apps. What you see, the police and intelligence authorities will see. Every keystroke can be tracked, often in real time. All your files can be accessed. All your communications can be scrutinized.

And, in the words of the founder of state intelligence, Cardinal Richelieu… “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”

Many countries are already using state spy trojans for surveillance. And others are to follow suit. At the moment countries like Spain and Sweden are trying to rush legislation trough.

State trojans are usually not used for mass surveillance. (But they can be.) At least not in most countries — where some sort or court order or other judicial process under the rule of law will apply before the trojan is being launched. So, the main problem in most cases is not about people’s right to privacy in general. This is targeted surveillance. But of course, it can be misused and/or used too generously.

The real problem is that state (and other) spy trojans will make our computers and entire IT systems vulnerable. In turn, this can be used by criminals, by foreign governments and by others interested in you, your communications and your data.

And what will happen when governments are using the same sort of tools as criminals? In the words of Amelia Andersdotter and Christer Spörndly… “The logical, and very disturbing, consequence is that there will be no incitement to identify and stop security vulnerabilities.” There are no security glitches only accessible for the government. If you leave a door open, it is open for everyone.

And to build these spy trojans, governments will have to use some sort of known security vulnerabilities. Or even worse, they might buy spyware from external developers — who also have other customers…

State spy trojans are a nightmare. They will make us all less safe.



The mass surveillance tipping point

Mass surveillance is getting more and more widespread, intrusive and extensive.

If we look at the bigger picture — the resemblance with totalitarian societies is getting rather obvious.

So, when will enough be enough? When will all of this become dangerous for real? Or is it already?

The entire notion of mass surveillance is dangerously close to the fascist concept: The all-embracing state controlling the lives of the people — in which citizens are not regarded as individuals, but are subordinate to the state.

A central problem is that the public is not allowed to know how mass surveillance is being used. Is it “only” a rather ineffective way to protect the people from real or imaginary dangers? Or is it being used to “collect it all” for the purpose of strengthening the government’s control and power over us? It seems politicians are not really that interested in telling us, are they?

Regardless, mass surveillance is a tool in the hands of the ruling political and bureaucratic class. And we know nothing about who those people will be tomorrow. Can we be sure that they will be somewhat democratic and fair people — forever? If not, we will have a very real problem on our hands.

But even with friendly, honest and democratic people in power — you can only have so much surveillance before it becomes dangerous, intolerable and unacceptable. Even with the best of intentions.

There is a tipping point somewhere between no surveillance and total surveillance. It might be in the future. Or we might already have passed it.

That is where the public debate on mass surveillance should be. But it’s not.



What you need to know about Passenger Name Records (PNR)

The EU is about to adopt a new regulation regarding registration of our air travel.

Passenger Name Records (PNR) has earlier been blocked by the European Parliament, because of privacy concerns. But after the Parris attacks, it seems to be impossible to prevent this form of surveillance.

EDRi has published a detailed FAQ about PNR. »

The Directive is being adopted despite concerns raised by the Fundamental Rights Agency (FRA), the European Data Protection Supervisor (EDPS) and Article 29 Working Party. A study undertaken for the Council of Europe explained that “no serious, verifiable evidence has been produced by the proponents of compulsory suspicionless data collection to show that data mining and profiling by means of the bulk data in general, or the compulsory addition of bulk PNR data to the data mountains already created in particular, is even suitable to the ends supposedly being pursued –let alone that it is effective”

Notice that data will be saved up to five years — not six months (as many politicians would like us to believe).