Archive | March, 2017

EU to target encrypted apps

Last week, the UK’s Home Secretary Amber Rudd said that WhatsApp risked becoming a “place for terrorists to hide.” Then, like many others that have used this tired old trope, she went on to call for the development of some magic unicorn key to unlock all encrypted communications, one that was somehow available only to those on the side of truth, beauty, law and order, and not to the other lot. In doing so, her cluelessness was particularly evident, as her invocation of the “necessary hashtags” emphasized, but she’s not alone in that. Despite the chorus of experts pointing out for the thousandth time why it’s not possible, the EU Justice Commissioner has just said that the EU must have magic unicorn keys, too.

• Techdirt: EU Plans To Weaken Encrypted Communications Despite Countless Warnings It Can’t Be Done Safely »
• Ars Technica: Cryptic crypto clash: EU justice chief holds “intensive talks” with IT giants »
• Euractiv: EU to propose new rules targeting encrypted apps in June »


Full circle…

A Spanish court on Wednesday sentenced a young woman to jail for posting jokes on Twitter about the 1973 assassination of a senior figure in the Franco dictatorship.

Even the granddaughter of Carrero Blanco attacked the move by public prosecutors to charge Vera and put her on trial, saying in a letter sent to daily El Pais in January that while the jokes were in poor taste they were not worthy of such legal action. “I’m scared of a society in which freedom of expression, however regrettable it may be, can lead to jail sentences,” Lucia Carrero Blanco wrote.

The Guardian: Spanish woman given jail term for tweeting jokes about Franco-era assassination »


In the US, threats to IT security comes from within

That a major U.S. company had to rely on WikiLeaks to learn about security problems well-known to U.S. intelligence agencies underscores concerns expressed by dozens of current and former U.S. intelligence and security officials about the government’s approach to cybersecurity. (…)

Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters.

Reuters: A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense »


California to make »fake news« illegal?

From a proposed Californian law:

18320.5. It is unlawful for a person to knowingly and willingly make, publish or circulate on an Internet Web site, or cause to be made, published, or circulated in any writing posted on an Internet Web site, a false or deceptive statement designed to influence the vote on either of the following:

(a) Any issue submitted to voters at an election.

(b) Any candidate for election to public office.

EFF comments…

In other words, it would be illegal to be wrong on the internet if it could impact an election. The bill is unconstitutional under U.S. Supreme Court case law (see our opposition letter for more information on that), and likely to draw immediate and costly lawsuits if it is signed into law.

EFF: California Bill To Ban “Fake News” Would Be Disastrous for Political Speech »


Your privacy, for sale – part 2

Putting the interests of Internet providers over Internet users, Congress today voted to erase landmark broadband privacy protections. If the bill is signed into law, companies like Cox, Comcast, Time Warner, AT&T, and Verizon will have free rein to hijack your searches, sell your data, and hammer you with unwanted advertisements. Worst yet, consumers will now have to pay a privacy tax by relying on VPNs to safeguard their information. That is a poor substitute for legal protections.

EFF: Repealing Broadband Privacy Rules, Congress Sides with the Cable and Telephone Industry »


Your privacy, for sale

The bill passed the U.S. Senate: it looks like your ISP will be allowed to just sell your browsing history. While the bill still needs to pass the House (the lower legislature in the U.S.) and the President’s signature, it seems increasingly likely to unfortunately do so. This doesn’t just mean that your privacy is commercialized – it also means that search-and-seizure is: the Police will be able to just buy your browsing history from your ISP, bypassing any privacy protections completely.

Falkvinge: With looming changes to U.S. broadband privacy, police can bypass warrants entirely and just BUY your browser history from your ISP »


EU to ISP:s: Scan and censor everything

Under the extreme rules proposed by the Commission in the Copyright Directive, uploads to the internet would need to be scanned to assess if any photo, video or text that is being uploaded can be “identified” based on information provided by copyright holders. This would block, for example, memes that include copyrighted images or videos, parody, quotation and other perfectly harmless activities.

In order to encourage internet companies to monitor and delete information as thoroughly as possible, it is also proposed that their legal liability for uploads would be increased.

EDRi: EU moves one step closer to the world’s worst internet filtering law »


The EU ePrivacy regulation

The latest dossier on our watch list is the EU ePrivacy regulation. (Aiming to replace the ePrivacy directive from 2002.)

EDRi explains…

This new regulation complements the General Data Protection Regulation (GDPR), adding more clarity and legal certainty for individuals and businesses – helping to protect our personal data by providing specific rules related to our freedoms in the online environment.

EDRi also list some comments…

  • extending the scope of application of the new rules is a welcome improvement;
  • the principle of “privacy by default” should not be partly replaced by the proposed “privacy by option”;
  • the way in which consent will be required needs further clarifications;
  • we need to secure citizens from ubiquitous tracking and ban sites from blocking visitors who do not accept cookies;
  • the proposal to allow offline tracking of users needs to be amended to bring it into line with the rest of the proposal;
  • collective redress mechanisms need to be explicitly mentioned.

Read more at EDRi:
New e-Privacy rules need improvements to help build trust »
e-Privacy Directive: Frequently Asked Questions »
EDRis quick guide on the e-Privacy Regulation (PDF) »