Author Archive | HAX

A leaky ship

The Snowden files do not only expose serious breaches of people’s right to privacy. They also prove that information will always be leaked.

The Atlantic writes…

“The agency collected and stored intimate chats, photos, and emails belonging to innocent Americans—and secured them so poorly that reporters can now browse them at will.”

This is not unique to the NSA. It goes for intelligence organisations and law enforcement agencies all over the world.

In my fight against the Swedish NSA-associate FRA, I found myself in possession of nonsensical surveillance information about more than a hundred Swedes. This made it clear that the FRA gathers information about people who are no threat to national security whatsoever. They are not suspected of any wrongdoing at all. But still, the information is collected. And leaked.

Over and over again we hear about people in law enforcement using their databases and information from surveillance to check up on ex-girlfriends, neighbours and personal enemies. Sometimes they slip information to criminal networks. Information is power and will always be used.

Information about our air travel is frequently shared between the transport industry and government authorities. I have been assured by Swedish government officials that such data, on an EU level, is used in a responsible way–by the Swedes. That might be, or not. But how is such data handled in other EU countries, with high levels of corruption and murky legal systems?

There are many other cases where data and surveillance information are being misused. The only way to tackle this problem is to reduce the amount of personal details being collected and stored.

There should be no surveillance without a reasonable suspicion of serious wrongdoing. This is not only an important principle. It is also essential to protect ordinary people from having their personal data ending up in the wrong hands.

/HAX


The ACTA demon rises. Again. And again. And again…

Two years ago the European Parliament killed ACTA, the international Anti-Counterfeiting Trade Agreement.

The main reason was that ACTA promoted the concept that internet service providers (ISP:s) should police the internet to stop intellectual property infringements (i.e. illegal filesharing of music, film, games and software).

Such practice would be in conflict with the principle that ISP:s are not liable for what their customers (ordinary users) do when using their services. This principle is called “mere conduit” and is regulated in the EU E-Commerce Regulations of 2002.

In the same way the Post Office is not liable for what people send in the mail. This is a very reasonable principle.

If ISP:s were to police what is going on in their cables, they would have to inspect and scrutinize all internet traffic (e.g. by deep packet inspection). This would include everything we do online. Everything.

This would be a gigantic and very expensive task. And it would force ISP:s to set up extremely comprehensive terms and conditions for users.

And, of course, this would obstruct the free flow of information and curb Internet freedom in an unacceptable way.

So it was a very good thing that the European Parliament killed ACTA. (After widespread public protests.)

But ACTA is not really dead. Every now and then the idea that ISP:s should police the Internet pops up. The intellectual property industry never fails to lobby for it.

The issue will be back on the agenda as the EU rewrites its package of copyright rules 2014-2019. (There might also be a revision of the EU E-Commerce Regulations.) And it seems to return in the Transatlantic Trade and Investment Partnership treaty, TTIP.

And right now Rupert Murdoch’s News Corporation wants to hold Australian ISP:s responsible for piracy.

This is an ongoing battle, maybe a never ending one. To kill ACTA was an important victory for a free and open Internet. But we must be aware that the IP industry has no intentions of giving up their lobby efforts to get various ACTA clones into legislation and international trade agreements.

/ HAX


“The ultimate goal of the NSA is total population control”

This is a must read. The Guardian runs a piece about NSA whistleblower William Binney. A few extracts…

“At least 80% of fibre-optic cables globally go via the US”, Binney said. “This is no accident and allows the US to view all communication coming in. At least 80% of all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it stores.”

“Binney recently told the German NSA inquiry committee that his former employer had a “totalitarian mentality” that was the “greatest threat” to US society since that country’s US Civil War in the 19th century. Despite this remarkable power, Binney still mocked the NSA’s failures, including missing this year’s Russian intervention in Ukraine and the Islamic State’s take-over of Iraq.”

Read the whole piece here »


NSA mass surveillance weakens western democracy

So, the Germans finally lost their patience.

First the Snowden files exposed massive US surveillance of the German public. Then came information about the NSA having bugged Chancellor Merkel’s phone. And in the last few days we have found out about two US spies inside German intelligence, and possible surveillance of German politicians involved in the Bundestag’s special NSA committee.

Apparently the US government is willing to give German politicians as much bullshit as they can take. But finally, the Germans have made it clear that enough is enough. The head of the CIA Berlin station is asked to leave the country.

Now, this does not only complicate things in US–German relations. It creates a European surveillance divide, as some national intelligence agencies in the EU–such as British GCHQ and Swedish FRA–are very close to the NSA. These countries stand with the US in this matter, not with Germany.

One can only picture what the implications will be at places such as EU:s INTCEN and NATO:s SITCEN. And imagine the delight in Moscow…

Overambitious surveillance carried out by a pretentious NSA and the inept handling of this matter by the White House have led to a crisis for the western intelligence community as such.

And, as a matter of fact, this community does have a role to play–to protect us from external enemies.

By insisting on harvesting information about ordinary, innocent, honest citizens’ telecoms and internet activities, the NSA is about to destroy the things about intelligence and spycraft that actually might be useful and important.

This ought to worry even those who are hawks in international security matters: NSA is killing trust, creating a divide between western allies. By arrogance and overreaching, the NSA is actually weakening western democracies.

The incompetence.

/HAX


Ex-NSA boss to head cyber command for US banks

Big banks need to protect themselves against cyber attacks. The question is how.

According to Bloomberg the Securities Industry and Financial Markets Association is setting up a cyber command committee together with (among others) the Treasury Department, the NSA, the DHS and the White House.

And now it’s getting exciting.

Bloomberg writes…

“The trade association also reveals in the document that Sifma has retained former NSA director Keith Alexander to “facilitate” the joint effort with the government. Alexander, in turn, has brought in Michael Chertoff, the former U.S. Secretary of Homeland Security, and his firm, Chertoff Group.” (…)

“[Just-retired NSA Boss General Keith] Alexander had been pitching Sifma and other bank trade associations to purchase his services through his new consulting firm, IronNet Cybersecurity Inc., for as much as $1 million per month, according to two people briefed on the talks.”

So, Big Banking just signed up the ex-NSA boss to handle cyber security. The man responsible for the NSA getting totally out of control and violating civil rights. This is cause for concern.

“IronNet”… it even sounds evil.

What could possibly go wrong?

Well… Some US politicians already have concerns that this might evolve into some sort of cyber wars council engaging in pre-emptive strikes.

/HAX

Bloomberg: Banks Dreading Computer Hacks Call for Cyber War Council »

Washington’s Blog: Big Banks Want Power to Declare Cyber War »


Sanctuary for Snowden!


Pirate and green MEP:s in an action for Snowden in the European Parliament

Time is running out.

NSA whistleblower Edward Snowden’s residence permit in Russia is limited to one year. Even if Putin were to extend it, it would be a good thing to get Snowden out of Russia.

It is outrageous that western democracies refuse Snowden refuge. Doing so, our governments are to blame for him being stuck in Russia.

It is remarkable that countries who have been violated by US mass surveillance still side with the US in this matter.

It is a cause for concern that western democracies lack the righteousness to grant one of the most important whistleblowers in history a place of safety.

Now is the moment for internet, privacy and civil rights activists to get this affair onto the political agenda. Let’s make this a defining moment, where our political leaders will have to take a public stand on Snowden. Let’s find out which politicians are decent and which are not.

/HAX

Related: Aftenposten editorial – The Peace Prize for Snowden »


How to kill free information and privacy by stealth

A few years ago Visa, MasterCard, PayPal and Bank of America pulled the money plug for Wikileaks. There was no legal way for the US Government to stop Wikileaks from spreading disruptive facts. So they called in some corporate friends to help.

Now, I do believe that companies have the right to decide who they want to engage in business with. Nevertheless, there is a problem when market dominant companies do so to limit free speech. And Government pressing them to do so is clearly a democratic problem.

In the Wikileaks case we (I used to work for the Pirate Party in the European Parliament) fought in the political arena to bring attention to this. And in a moment of clarity the EU Parliament adopted a resolution (opinion) stating that such action is problematic.

The adopted EP text by Engström et al.

32. Considers it likely that there will be a growing number of European companies whose activities are effectively dependent on being able to accept payments by card; considers it to be in the public interest to define objective rules describing the circumstances and procedures under which card payment schemes may unilaterally refuse acceptance;

Whether this resolution will lead to any actual political action is unclear. But we tried.

(Later an Icelandic court partly repealed the money embargo against Wikileaks.)

But, as it turns out, this was not an isolated incident. Recently PayPal pulled the plug again. This time the target was the end-to-end encrypted NSA-safe email service ProtonMail. The reason stated was that PayPal is in doubt about the legality of encrypted e-mail, according to US law.

This is a huge issue, in so many ways.

Now, ProtonMail is based in Switzerland. And it is developed by some pretty weighty people, such as MIT, Harvard and CERN researchers.

It is highly questionable if US law is applicable in this case. And, anyhow, if in some strange way it is – this issue should be settled in court.

Here lies a major problem with this kind of outsourced execution of political power. There is no rule of law. (There is not even any law to relate to.) There are no prior proper judicial proceedings. And there is no possibility for redress.

In the ProtonMail case PayPal froze some 275,000 USD. And there is apparently nothing to do about it.

On a similar note, payment providers have blocked the payment channels for VPN services in some countries.

And there are some other, smaller examples from my country, Sweden, where payment providers pulled the money plug for clients that they find to be morally questionable. Among others this has happened to a small company selling DVD horror movies (!) and a web based shop for sex toys.

In these cases, it is not even a question about what is legal. Here it is up to corporate policy makers in board rooms to decide. Often they rely on rather dim, square and uneasy “moral” standards. (E.g. not to upset the US Christian right.) And these standards are enforced by multinationals on an international, worldwide scale by terms of service.

What to do?

Well, you could call for politicians to draft laws stating that dominant payment providers may not refuse clients who provide goods or services not breaching local law. But doing so might be questionable in principle and difficult in practice. And knowing my politicians, I’m not sure exactly what they actually would deliver if asked to regulate in this field.

Then we have the possibility of consumer boycotts. But for boycotts to be successful, there must be some competition for consumers to turn to. And in this field, there is almost none. It is also doubtful if the general public would get on board, to make a boycott effective enough.

The third option is to turn to digital currency, such as Bitcoin. This is by far the best option. Or it would be, if it were more widely adopted. We might get there, but we are not there yet.

So… we have some serious problems here, with no perfect or yet functioning solutions.

But there is one thing we can do, right now: We can raise our voices. We can explain the problem. We can get media interested. We can make this an exhausting PR issue for the industry. We can make this not only an issue of free speech and privacy, but also about free enterprise for the rest of society. We can name and shame Visa, Mastercard, PayPal and others who give themselves power over our very civil liberties.

Spread the word.

/HAX

Update: They just did it again… »


“A denial of privacy operates to severely restrict one’s freedom of choice”

“To begin with, people radically change their behavior when they know they are being watched.  They will strive to do that which is expected of them. They want to avoid shame and condemnation. They do so by adhering tightly to accepted social practices, by staying within imposed boundaries, avoiding action that might be seen as deviant or abnormal.

The range of choices people consider when they believe that others are watching is therefore far more limited than what they might do when acting in a private realm. A denial of privacy operates to severely restrict one’s freedom of choice.”

Glenn Greenwald in No Place to Hide: Edward Snowden, the NSA and the Surveillance State.


Let’s Unfuck the Internet!

Here we go! Another blog fighting for a free and open Internet, courtesy of the fine people at the 5 of July Foundation.

I’m Henrik Alexandersson, a.k.a. HAX. Until last week I used to work with the Swedish Pirate Party in the European Parliament. Now I’m another freelance writer, internet and civil rights activist living my life as some sort of digital nomad.

I have been fighting the ruling classes and their corporatism from a libertarian platform for some 20 years now. Individual liberty, civil rights, limited state, free markets and peace are things that get me out of bed in the mornings. The views I will express at this blog are my own, though I hope I share them with a lot of people out there.

I have also been a bit of a Hell Raiser on the Internet, before my five years in EU politics. Somehow it seems that I’m still under suspicion for breaching the Security of the Realm in Sweden, after exposing some shady national surveillance activities back in 2008. One of my favourite things is “political vandalism”, where and when it is due.

As a 5J-blogger I will air opinions, bring you news and try to ignite debate. Hopefully, I will also be able to use this platform to stir up controversy, maybe even make some real change. Information is a very powerful tool…

The 5 July Foundation was started by people associated with the Swedish privacy-orientated ISP Bahnhof. Bahnhof was the first ISP in Sweden and has always been in the front line defending an open Internet, free speech and free information. As an example, they hosted Wikileaks for some time.

On Twitter I’m @hax. Follow me there and by RSS at this blog for updates. My Swedish blog is www.henrik-alexandersson.se and my e-mail is hax@1010gateway.com (open or PGP). GPG Fingerprint: 693E AD23 1CA1 6ABA 1793 9896 0A57 1CFF 1DC7 C47A

Me, me, me… Now, let’s get some work done!

/HAX
