Surveillance: Who owns you and your life?

There are many dimensions to the concept of privacy.

A fundamental question is: Who owns you and your life?

If you are not the owner of your person – that will open up for abominations like slavery, organ farming, and some absurd utilitarian concepts.

But if you are the owner of your person – this must include your body as well as your mind and your faculties.

So… if you are the owner of your person – does anybody else (a private person or a collective of persons) have the right to look into your mind, your thoughts and your beliefs? Does anybody else have the right to look into your relations to other people, your quest for knowledge or your personal habits and preferences?

Because that is exactly what is done when government snoops around in your communications, among your files and in your social networks.

The only reason I can find for allowing this is if a person is threatening other peoples’ security or property.

A person who is no threat to others should be left alone. And this is actually what is said e.g. in the European convention on human rights. People have the right to privacy and private correspondence unless they are a threat to others or to society. (Obviously, it might be debated what constitutes a threat to society. But you get the general rule.)

However, governments do not care. They want mass surveillance. They want to collect as much information as possible about as much people as possible.

The ruling political class simply does not treat us as free citizens but as serfs.

You should keep that in mind next time there is a general election.

/ HAX

Governments vs. WhatsApp

In other words, there is no central repository of plain-text messages that the company can access to comply with a court subpoena. Nor is there a “universal key” that can be used as a government backdoor to decrypt information. When a user sends a message on WhatsApp, he or she can feel fairly confident that no confidence man in the middle lurks between them and the intended recipient of a message. Such security is a very strong selling point in this age of constant data breaches and headache-inducing identity thefts.

Reason: Why We Should All Care About Brazil’s War on WhatsApp »

What to learn from the Abdesalam fiasco

Surveillance should only be directed against people who are suspected of (or to commit) serious crimes.

Mass surveillance – of everyone – only creates a bigger haystack, more false positives, and hamper police and intelligence authorities in their efforts to identify real threats.

Take the Abdesalam brothers in the Paris attacks as an example…

Both were known to Belgian authorities; both were suspected to prepare “an irreversible act”. For years.

This is a case of sloppiness, lacking resources and being Belgian.

Belgium might be a dysfunctional mess, but the problem is the same in other countries. The more mass surveillance data, the more police officers gazing at computer screens – the less security and safety.

Authorities all over would need to get serious, pretty quickly. There is no room for public sector inefficiency when it comes to fighting terrorism. There is no room for incompetence and idleness.

And there are no (valid and publicly acceptable) reasons to replace human intelligence with mass surveillance of the entire population.

The Americans might do it. The Russians and Chinese also do it, for sure. But that is no reason that Europe should. This is exactly what makes our liberal democracy so special. In Europe, we trust ordinary and law-abiding people enough to keep out of their private lives.

The Paris attacks were very real, sad and terrifying. The Abdesalm brothers are very real terrorists. This reality underlines that we need other methods to protect us from danger rather than mass surveillance and data retention. We need wise and competent people, knowing what they are doing. If there are any.

/ HAX

• Link: Belgian police knew since 2014 that Abdeslam brothers planned ‘irreversible act’ »

Study: The surveillance state breeds fear and conformity and stifles free expression

A newly published study from Oxford’s Jon Penney provides empirical evidence for a key argument long made by privacy advocates: that the mere existence of a surveillance state breeds fear and conformity and stifles free expression. Reporting on the study, the Washington Post this morning described this phenomenon: “If we think that authorities are watching our online actions, we might stop visiting certain websites or not say certain things just to avoid seeming suspicious.”

The Intercept: New Study Shows Mass Surveillance Breeds Meekness, Fear, and Self-Censorship »

The haystack dilemma

Binney said that an analyst today can run one simple query across the NSA’s various databases, only to become immediately overloaded with information. With about four billion people — around two-thirds of the world’s population — under the NSA and partner agencies’ watchful eyes, according to his estimates, there is too much data being collected.

“That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,” said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack.

ZDNet: NSA is so overwhelmed with data, it’s no longer effective, says whistleblower »

A closer look at Hacking Team

Here is an interesting piece in Foreign Policy: Fear this man »

It’s about the Italian firm Hacking Team and its founder and CEO, David Vincenzetti. The article gives an interesting and chilling glimpse into the commercial side of providing governments with IT tools for surveillance – that also is being used by authoritarian regimes for oppression and disinformation.

“Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.”

Data protection: EU-US standoff

The EU-US Privacy Shield is to replace the so-called safe harbour agreement about the transfer of personal data between EU and the US — after the European Court of Justice (ECJ) invalidated the latter.

As reported earlier, the privacy shield is a principal agreement that yet has to be filled with substance. Even though the European Commission and Washington claim to have struck a deal, it is far from being finalised.

Actually, things are moving the opposite way. Reuters:

Last week, the EU’s 28 data protection authorities – known as the Article 29 Working Party – published a non-binding opinion on the framework which called for more reassurances over U.S. surveillance practices and the independence of a new U.S. privacy ombudsman.

Leaving some of the regulators’ concerns unaddressed could increase the chances of the Privacy Shield being challenged in court by privacy advocates, much as its predecessor was.

This is a mess. Obviously, the EU is not strong enough to stand up to the US on data protection. And the US is not interested in respecting a strong European legal framework in this field.

Some links:
• EU data enforcers demand privacy shield fixes »
• Privacy panel trips up transatlantic data deal »
• US businesses: Start preparing for the EU’s new privacy regulation »
• U.S. reluctant to change data pact after EU watchdogs’ concerns »

Earlier posts:
• “EU-US Privacy Shield must be sent back to negotiators” »
• The EU-US Privacy Shield: EU presents a pointless proposal »
• The EU-US Privacy Shield Illusion »
• An EU-US Privacy Shield? »

/ HAX

EFF vs. DoJ

The Electronic Frontier Foundation (EFF) filed a Freedom of Information (FOIA) lawsuit today against the Justice Department to shed light on whether the government has ever used secret court orders to force technology companies to decrypt their customers’ private communications, a practice that could undermine the safety and security of devices used by millions of people.

EFF Sues for Secret Court Orders Requiring Tech Companies to Decrypt Users’ Communications »

“Microsoft sues government for secret searches”

Microsoft filed a landmark lawsuit against the U.S. Department of Justice on Thursday, taking a stand against the way federal agents routinely search its customers’ personal information in secret.

The company accuses the federal government of adopting a widespread, unconstitutional policy of looking through Microsoft customers’ data — and forcing the company to keep quiet about it, sometimes forever.

CNN: Microsoft sues government for secret searches »