Next step in EU court case on Data Retention will be July 19

Very little has been known or reported from yesterday’s hearing on data retention in the European Court of Justice (ECJ).

The hearing was conducted as a part of British and Swedish cases – arguing that data retention in the respective countries should end, as a consequence of the ECJ ruling in 2014 overthrowing the EU Data Retention Directive.

As data retention is found to be in breach of human rights on an EU level, the same should apply on a national level – the argument goes.

I will try to find out more about yesterday’s hearing. And if you find any links, please post them in the comments to this blog post.

The next step in this affair is said to be the Advocate General’s recommendation to the court – to be delivered July 19. (Normally the ECJ will follow this recommendation. But the process is slow, taking several months more.)

/ HAX

GCHQ and Big Entertainment

It was a little-noticed story in the Entertainment and Oddities section: The GCHQ is using its spying network to help the copyright industry prevent “unauthorized distribution of creative works” – meaning ordinary people sharing interesting things with each other. Yes, that spying network which was supposed to prevent horrible terror attacks, and only to prevent horrible terror attacks, to safeguard our very lives as a last line of defense, is now in the service of the copyright industry.

Rick Falkvinge: So GCHQ is already spying on behalf of the copyright industry. Why isn’t there an outcry over this change of mission? »

European court to consider legality of UK surveillance laws

“Blanket retention of communications data, without suspicion, creates a honeypot of information for criminals and hackers, and this case will have implications for personal privacy and the security of individual personal data.”

The Guardian: European court to consider legality of UK surveillance laws »

Update, also see:
The Guardian: MP calls for limit on UK surveillance powers as EU test case opens »

Fierce legal battle over data retention in Sweden

There is a rather interesting legal battle concerning data retention going on in Sweden. Parties are the ISP Bahnhof and the government oversight authority Post- & Telestyrelsen (PTS).

Two years ago, to the day, the European Court of Justice (ECJ) invalidated the EU data retention directive — stating that it is in violation of human rights, especially the right to privacy.

However, in Sweden data retention continues — under a cross-party political consensus. This is to be tried in the ECJ, but is still an open issue.

Meanwhile, Swedish police (and other authorities) are using data retention to demand information about Internet users and their activities from the ISPs.

Referring to the ECJ verdict, the ISP Bahnhof has refused to share information about minor crimes with the police. After all, data retention was supposed to be about terrorism and other serious criminal activities.

To share information from data retention, Bahnhof requires that the police confirm that it will only be used for investigating serious crimes according to relevant Swedish legal definitions. And Bahnhof demands this information from the police in writing.

The police are not happy about this. Not at all. So they have asked PTS to investigate what can be done. This led to PTS slamming Bahnhof with a penalty of five million Swedish kronor (some 550.000 euros) if it does not comply.

Now, we shall remember that there still is an open case about Swedish data retention in the ECJ. Also, a Swedish administrative court has asked the ECJ for guidance when it comes to the Bahnhof case.

This has led Bahnhof to ask the Stockholm lower administrative court (Förvaltningsrätten) for inhibition of the PTS decision concerning the fines mentioned above.

Now, this court has granted Bahnhof inhibition — until it has reached a final verdict after careful investigation in the wider context of data retention. However, PTS still can appeal against the inhibition. If so, the case will move up the three-tier Swedish administrative court system.

The bottom line is that a relatively small ISP — backed up by the first ECJ ruling — is prepared to take a fight against the government on data retention. And that the Swedish government is trying to circumvent the ECJ verdict, to maintain mass surveillance.

This is a story to be continued.

/ HAX

Disclaimer: The 5:th of July-foundation, running this blog, is the VPN provider for Bahnhof (and others). Bahnhof’s lawyer is also a member of the board of the 5:th of July foundation.

European Parliament to approve PNR next Thursday

The European Parliament will have what is believed to be its final vote on EU Passenger Name Record (PNR) in Strasbourg next Thursday, April 14.

For years, the Parliament has tried to stop registration of sensitive personal information related to air travel. But after the latest terrorist attacks, pressure has mounted, and everything suggests that the dossier will be approved during next week’s session.

From the European Parliament’s webpage:

Passenger Name Record (PNR) data is information provided by passengers and collected by air carriers during reservation and check-in procedures. Non-carrier economic operators, such as travel agencies and tour operators, sell package tours making use of charter flights for which they also collect and process PNR data from their customers.

PNR data include several different types of information, such as travel dates, travel itinerary, ticket information, contact details, baggage information and payment information.

Parliamentarians have had serious concerns about the impact of PNR on fundamental rights and data protection.

Now the PNR dossier is said to be voted on together with the EU Data Protection package – at least allowing some coordinated approach.

Formally, EU PNR is about information regarding passengers arriving on flights from non-EU countries. But there is no doubt this will also apply to intra-EU flights.

So, governments will store information about all of people’s air travel, in detail. This is to be added to information about e.g. all of our telecommunications and our bank transactions. The grip tightens.

(It could have been even worse. Earlier on in the process, the U.K. put forward the idea that all our train travel, car rentals, and hotel stays should also be registered. But I guess they decided to take this one step at a time.)

If nothing short of a miracle occurs, next Thursday the EU will take its next step towards Big Brotherism.

/ HAX

Links:
• EP: Final votes on PNR and data protection package »
• News on PNR from the EP (16 July 2015) »
• EP: Much Ado About PNR (19 Jan. 2015) »
• EP: EU Passenger Name Record (PNR) proposal: an overview (14 Dec. 2015) »
• MEPs refuse to vote on PNR before Council strengthens data protection (9 March 2016) »

UK: The Lauri Love case

It is a general principle in democracies under the rule of law that a person suspected of a crime should not be forced to incriminate himself. And the European Convention on Human Rights clearly stipulates the presumption of innocence.

Having that in mind, the Lauri Love case in the UK is troublesome.

Love is being accused of hacking U.S. government computer systems a few years back. He is now fighting extradition to the U.S. — and the British authorities when it comes to the contents of his computers.

The Intercept:

Following Love’s arrest in 2013, the National Crime Agency, or NCA, seized computers and hard drives in his possession. He was then served with an order under Section 49 of the U.K.’s controversial Regulation of Investigatory Powers Act, which demanded that he hand over his passwords to open encrypted files stored on the devices.

Years have passed since then — and when Love decided to sue to have his computers and hard drives back, authorities renewed their efforts to access them under Section 49. There will be a court hearing April 12.

“I don’t have any alternative but to refuse to comply,” he told The Intercept. “The NCA are trying to establish a precedent so that an executive body — i.e., the police — can take away your computers and if they are unable to comprehend certain portions of data held on them, then you lose the right to retain them. It’s a presumption of guilt for random data.” (…)

(So I guess you better not have any files with white noise on your hard drive.)

This is not just about Mr. Love. The case can set a dangerous precedent.

Naomi Colvin, a campaigner for transparency advocacy group the Courage Foundation, told The Intercept that she believed the case could have “huge implications for journalists, activists, and others who need to guard confidential information” — potentially setting a precedent that could make it easier in the future for British police and security agencies to gain access to, or to seize and retain, encrypted material.

In the end, it all boils down to one simple question: Should the government have the right to force you to decrypt encrypted information?

Apart from Ms. Colvin’s arguments (above), we must consider what would happen if governments are allowed to force you to incriminate yourself. It would shatter presumption of innocence. It could throw court cases into deadlock over evidence that does not exist or cannot be accessed. It would give the prosecution an unfair advantage — especially over innocent individuals, who could be detained until they give up and “confess”.

Equally important, in my mind, is that your personal information is closely connected to your person. It is of less importance if this information is stored in your mind or on an encrypted hard drive. The information you possess is a part of who you are and your life. As long as people are regarded as self-owning individuals (and not the property of the government) everyone should have the right to respect for their own person. (And for private and family life, home, and correspondence.)

But I’m not too hopeful. The Intercept:

Court documents show that the agency requested — and a judge approved — that witness statements and skeleton arguments should not be disclosed “to the press, the public, or any third party save with the leave of the court until after the final hearing, and then only in relation to such matters as are referred to in open court or as permitted or directed by the court.”

/ HAX

Read the full story in The Intercept: British authorities demand encryption keys in case with “huge implications” »

Amnesty: Encryption is about Human Rights

In the digital age, access to and use of encryption is an enabler of the right to privacy. Because encryption can protect communications from spying, it can help people share their opinion with others without reprisals, access information on the web and organize with others against injustice. Encryption is therefore also an enabler of the rights to freedom of expression, information and opinion, and also has an impact on the rights to freedom of peaceful assembly, association and other human rights. Encryption is a particularly critical tool for human rights defenders, activists and journalists, all of whom rely on it with increasing frequency to protect their security and that of others against unlawful surveillance.

• Amnesty: Encryption: A Matter of Human Rights »

• EFF: Amnesty International: Encryption is a Human Rights Issue »

The spiral of silence

A new study shows that knowledge of government surveillance causes people to self-censor their dissenting opinions online. The research offers a sobering look at the oft-touted “democratizing” effect of social media and Internet access that bolsters minority opinion.

The study, published in Journalism and Mass Communication Quarterly, studied the effects of subtle reminders of mass surveillance on its subjects. The majority of participants reacted by suppressing opinions that they perceived to be in the minority. This research illustrates the silencing effect of participants’ dissenting opinions in the wake of widespread knowledge of government surveillance, as revealed by whistleblower Edward Snowden in 2013.

• Washington Post: Mass surveillance silences minority opinions, according to study »
• Motherboard: ‘Chilling Effect’ of Mass Surveillance Is Silencing Dissent Online, Study Says »
• Journalism & Mass Communication Quarterly: Under Surveillance – Examining Facebook’s Spiral of Silence Effects in the Wake of NSA Internet Monitoring »

Apple vs. the FBI — who won?

From the Associated Press Washington desk:

The FBI said Monday it successfully used a mysterious technique without Apple Inc.’s help to hack into the iPhone used by a gunman in a mass shooting in California, effectively ending a pitched court battle between the Obama administration and one of the world’s leading technology companies.

The government asked a federal judge to vacate a disputed order forcing Apple to help the FBI break into the iPhone, saying it was no longer necessary. The court filing in U.S. District Court for the Central District of California provided no details about how the FBI did it or who showed it how.

Justice Department cracks iPhone; withdraws legal action »

But is this really a mystery? I wrote about this some three weeks ago. That was when the ACLU demonstrated that breaking locked iPhones is almost common knowledge in the tech community:

One of the FBI’s Major Claims in the iPhone Case Is Fraudulent »

Nevertheless, many questions remain unanswered. And the FBI is not about to open up. Ars Technica:

Apple likely can’t force FBI to disclose how it got data from seized iPhone »

Here, it is important to understand what this really has been all about:

[The FBI] is not as interested in solving the problem as they are in getting a legal precedent, [Richard] Clarke said. “Every expert I know believes the NSA could crack this phone. They want the precedent that government could compel a device manufacturer to let the government in.”

The Register: Former US anti-terror chief tears into FBI over iPhone unlocking case — They’d just send it to the NSA if they really wanted access, says Clarke »

Now, what about Apple? Has all of this bruised the iPhone’s reputation when it comes to security?

Well, it shouldn’t. As mentioned, there already are known ways to break into a locked iPhone.

But facts are not the same as public perception. The general notion is that this is something entirely new.

And, as a matter of fact, the authorities can open up a locked iPhone. Apple does have a very real public relations problem on its hands.

Inevitably, Apple will have to beef up the iPhone’s security shortly. That may, in turn, lead to new conflicts with the FBI & Co.

/ HAX

A European FBI? Really?

Somewhere on the Internet, someone wrote “The purpose of terrorism is to provoke the target government into curtailing civil liberties, so more people become radicalized.”

Close enough. Google “the purpose of terrorism”. The Internets is full of thought-provoking discussion about what the fuck is going on. Or at least, opinions about it.

Terrorism is a wide spectrum, in many ways. Now, we are waiting to find out how governments are going to react to the Brussels attacks. They will. They have to. That is what politicians do. But… how should they react?

It happens to be that national governments are catastrophically bad at sharing information with each other. At least, when it comes to information that might be a bit sensitive. They simply cannot let everyone else in on everything. They will not do that.

And the EU can do nothing. (I’m not saying that the EU should, absolutely not – but it is noteworthy that it can not. National security is strictly national competence. That’s the rule.)

So there is this bold idea floating around: A European FBI.

In other words, a federal and centralized European police. All information would belong to an EU institution in some Belgian suburb. It would have its nose in everything. Like they say in American crime shows… “Oh, shit. The Feds are here.”

Nevertheless, it would be a radical way to get all of the European police in line, I guess. And think about all the money they can save by having a common European police uniform.

On the one hand, it is obvious that someone must make national governments’ security agencies share relevant information — about common enemies, at least.

On the other hand, who should handle this? Not the Commission itself, I hope. So, give it to Europol, they will say. And right there we also need to give Europol full operative authority in all EU member states.

Europol is the European Union’s law enforcement agency whose main goal is to help achieve a safer Europe for the benefit of all EU citizens. We do this by assisting the European Union’s Member States in their fight against serious international crime and terrorism.
— Europol’s boilerplate

Europol is largely a post-macho bureaucracy, with some support for member states that need to coordinate specific work and operations. But it’s not very operative in itself. (Europol didn’t even bother to look into the possibility that the NSA hacked the SWIFT bank transaction system, mentioned in the Snowden files. Not even after being asked about it by media and in the European Parliament.)

Should we put these people in charge of running European police? I’m not even sure that Europol would like to. They lack the ambition.

Maybe something… new! And there you have it: Europolice. The only police you will ever need.

Then anything can happen. There will be disasters like a centralized procurement process for toilet paper to all European police stations. There will be a federal authority running its own investigations parallel to local law enforcement. And federal crimes must be handled in a unified way across all of the EU — how do you make that happen?

There will have to be field offices in cities all over the continent, with a partly international crew.

Europolice: Keeper of all information. Online with all national records. Connected to the mass surveillance network. Bureaucracy with operative authority. A single point of failure. Under at best vague democratic oversight.

Are you really sure about doing this?

/ HAX