Archive | March, 2016

The spiral of silence

A new study shows that knowledge of government surveillance causes people to self-censor their dissenting opinions online. The research offers a sobering look at the oft-touted “democratizing” effect of social media and Internet access that bolsters minority opinion.

The study, published in Journalism and Mass Communication Quarterly, studied the effects of subtle reminders of mass surveillance on its subjects. The majority of participants reacted by suppressing opinions that they perceived to be in the minority. This research illustrates the silencing effect of participants’ dissenting opinions in the wake of widespread knowledge of government surveillance, as revealed by whistleblower Edward Snowden in 2013.

• Washington Post: Mass surveillance silences minority opinions, according to study »
• Motherboard: ‘Chilling Effect’ of Mass Surveillance Is Silencing Dissent Online, Study Says »
• Journalism & Mass Communication Quarterly: Under Surveillance – Examining Facebook’s Spiral of Silence Effects in the Wake of NSA Internet Monitoring »


Apple vs. the FBI — who won?

From the Associated Press Washington desk:

The FBI said Monday it successfully used a mysterious technique without Apple Inc.’s help to hack into the iPhone used by a gunman in a mass shooting in California, effectively ending a pitched court battle between the Obama administration and one of the world’s leading technology companies.

The government asked a federal judge to vacate a disputed order forcing Apple to help the FBI break into the iPhone, saying it was no longer necessary. The court filing in U.S. District Court for the Central District of California provided no details about how the FBI did it or who showed it how.

Justice Department cracks iPhone; withdraws legal action »

But is this really a mystery? I wrote about this some three weeks ago. That was when the ACLU demonstrated that breaking locked iPhones is almost common knowledge in the tech community:

One of the FBI’s Major Claims in the iPhone Case Is Fraudulent »

Never the less many questions remain unanswered. And the FBI is not about to open up. Ars Technica:

Apple likely can’t force FBI to disclose how it got data from seized iPhone »

Here, it is important to understand what this really has been all about:

[The FBI] is not as interested in solving the problem as they are in getting a legal precedent, [Richard] Clarke said. “Every expert I know believes the NSA could crack this phone. They want the precedent that government could compel a device manufacturer to let the government in.”

The Register: Former US anti-terror chief tears into FBI over iPhone unlocking case — They’d just send it to the NSA if they really wanted access, says Clarke »

Now, what about Apple? Have all of this bruised the iPhones reputation when it comes to security?

Well, it shouldn’t. As mentioned, there already are known ways to break into a locked iPhone.

But facts is not the same as the public perception. The general notion is that this is something entirely new.

And, as a matter of fact, the authorities can open up a locked iPhone. Apple do have a very real public relations problem on its’ hands.

Inevitably, Apple will have to beef up the iPhones security shortly. That may, in turn, lead to new conflicts with the FBI & Co.



A European FBI? Really?

Somewhere on the Internet, someone wrote “The purpose of terrorism is to provoke the target government into curtailing civil liberties, so more people become radicalized.”

Close enough. Google “the purpose of terrorism”. The Internets is full of thought-provoking discussion about what the fuck is going on. Or at least, opinions about it.

Terrorism is a wide specter, in many ways. Now, we are waiting to find out how governments are going to react to the Brussels attacks. They will. They have to. That is what politicians do. But… how should they react?

It happens to be that national governments are catastrophically bad at sharing information with each other. At least, when it comes to information that might be a bit sensitive. They simply cannot let everyone else in on everything. They will not do that.

And the EU can do nothing. (I’m not saying that the EU should, absolutely not – but it is noteworthy that it can not. National security is strictly national competence. That’s the rule.)

So there is this bold idea floating around: A European FBI.

In other words, a federal and centralized European police. All information would belong to an EU institution in some Belgian suburb. It would have its nose in everything. Like they say in American crimis… “Oh, shit. The Feds are here.”

Newer the less, it would be a radical way to get all of the European police in line, I guess. And think about all the money they can save by having a common European police uniform.

On the one hand, it is obvious that someone must make national government’s security agencies share relevant information — about common enemies, at least.

On the other hand, who should handle this? Not the Commission itself, I hope. So, give it to Europol, they will say. And right there we also need to give Europol full operative authority in all EU member states.

Europol is the European Union’s law enforcement agency whose main goal is to help achieve a safer Europe for the benefit of all EU citizens. We do this by assisting the European Union’s Member States in their fight against serious international crime and terrorism.
— Europols boilerplate

Europol is largely a post-macho bureaucracy, with some support for member states in need to coordinate specific work and operations. But it’s not very operative in itself. (Europol didn’t even bother to look into the possibility that the NSA hacked the SWIFT bank transaction system, mentioned in the Snowden files. Not even after being asked about it by media and in the European Parliament.)

Should we put these people in charge of running European police? I’m not even sure that Europol would like to. They lack the ambition.

Maybe something… new! And there you have it: Europolice. The only police you will ever need.

Then anything can happen. There will be disasters like a centralized procurement process for toilet paper to all European police stations. There will be a federal authority running its own investigations parallel to local law enforcement. And federal crimes must be handled in a unified way across all of the EU — how do you make that happen?

There will have to be field offices in cities all over the continent, with a partly international crew.

Europolice: Keeper of all information. Online with all national records. Connected to the mass surveillance network. Bureaucracy with operative authority. A single point for failure. Under at best vague democratic oversight.

Are you really sure about doing this?



What to expect after the Brussels attacks. And why it will not work.

Once again terrorists have struck.

No doubt, this will be followed by new calls for mass surveillance.

But mass surveillance doesn’t really work. It’s rather draining the police and intelligence services of resources – making us all less safe.

Not even a system with 99% accuracy would be useful. It would give 10,000 false positives per million people’s communications scanned. That’s simply not workable. (And it would lead to dramatic consequences for totally innocent people.) Also, there are no systems even close to being 99% accurate.

After the Paris attacks Waldemar Ingdahl wrote in Spiked:

And yet, despite the vast array of new powers granted to security agencies over the past 15 years, they still find it difficult to connect the dots in the lead-up to a terrorist attack. In fact, the Madrid train bombings in 2004 and the London bombings in 2005 were undertaken despite the fact that some of the perpetrators were already under surveillance.

What we need is more traditional police and intelligence work — not security bureaucrats behind computer screens, trying to find suspicious patterns in ordinary people’s communications.

Human intelligence is hard, often dangerous and expensive. But that is what it takes. Everything else is part of a counter-productive security theatre.

But then again, fighting terrorism might just be a pretext for mass surveillance of the general public.


Spiked, November 2015: Why mass surveillance misses terrorists »


Tuesday: First day in court in the Apple vs. FBI case

As the government acknowledges, courts operate on precedent. So if the FBI wins this time, it means it is more likely to win the next.

This year, a favorable ruling could decide whether laptop cameras can be conscripted as spies or smartphones become permanent homing beacons.

In a year or two, the same ruling may have set laid the groundwork for whether your car becomes your police van or your home becomes your holding cell.

The Guardian: Beyond surveillance: what could happen if Apple loses to the FBI »


Pirate Bay in court in Sweden, once again

Today Svea Hovrätt (a regional court in the Swedish three-level court system) began the case about the domain names and The government (represented by public prosecutor Fredrik Ingblad) is making its’ case to seize the two domains. The case also concerns the domain name administrator – Stiftelsen för internetinfrastruktur (IIS) – as a possible accomplice to copyright infringements.

Last spring the district court of Stockholm decided that Pirate Bay founder Fredrik Neij no longer has the right to the domain names. However, it did not seize them for the government, but left them in the care of IIS. Nor did it find that IIS had been part of criminal activities.

An interesting point is if a domain name can be deemed to be a tool for criminal activities — or if it’s just a name, an address.

The trial will go on for two days and a verdict will be read in a few weeks time.

Link to a Swedish IDG article about the case »



ECJ to rule that providing open internet connection is not a crime?

In a recommendation the Advocate General to the European Court of Justice (ECJ) states that business who provide free, open Wi-Fi to customers should not be responsible for copyright infringements carried out on their network.

But there might still be national restrictions. Glyn Moody at ArsTechnica:

However, the Advocate General ruled that national courts may issue injunctions against the provider of free Wi-Fi services in the case of copyright infringement provided they are “particular, effective, proportionate and dissuasive”; and “that they are aimed at bringing a specific infringement to an end, and do not entail a general obligation to monitor.” Moreover, courts must strike a fair balance between “freedom of expression and information and the freedom to conduct business, as well as the right to the protection of intellectual property.”

The Advocate General goes on saying that there need to be no obligation to secure an open network with a password. It might even be possible that a shop or a café providing open Wi-Fi might be covered by the mere conduit principle. (Under the mere conduit principle of the EU E-Commerce Regulations of 2002, network operators have no legal liability for the consequences of traffic delivered via their networks.)

Now it is up to the ECJ to draw its final conclusions. But the court normally rules in line with the Advocate Generals recommendations.

This is good news for an open, creative society where people work and use their devices in public establishments. Providing free internet connection should not be a crime.

ArsTechnica: Free Wi-Fi providers not liable for user’s piracy, says top EU court lawyer »



“EU-US Privacy Shield must be sent back to negotiators”

A group of leading digital rights organisations on both sides of the Atlantic has called for the Privacy Shield arrangement between the EU and US to be sent back to the negotiators. In a letter to senior EU officials, the group says that without “substantial reforms” to ensure protection for fundamental rights of individuals, the Privacy Shield will “put users at risk, undermine trust in the digital economy, and perpetuate the human rights violations that are already occurring as a result of surveillance programs and other activities.”

ArsTechnica: Privacy Shield deal must be sent back to negotiators, say digital rights warriors »