Category: Data Protection

Routers, a tool for Big Brother?

Routers, for example, capture ‘chatter’ from smartphones, tablets and wearables, including successful and failed attempts to log onto a network, as well as the time they attempted to connect.

In addition, routers capture a media access control (MAC) address from mobile devices, which are unique identifiers for each phone, laptop or tablet that try to connect to the network.

Daily Mail: Forget fingerprints, ROUTERS could soon help police solve crimes: Data collected by Wi-Fi devices can find and identify criminals »

Turning friends into threats

Some weeks ago there was some attention and upset reactions about the Chinese concept of “Sesame Credits”. It’s all about what you say, read, buy and do on the Internet. Your credit status then might decide if you can get e.g. a bank loan or permission to travel abroad.

Nasty indeed. But what make the whole thing really upsetting is that your credit status also will be affected by what your friends do online. This really is a diabolic tool for “social control”. (Video»)

It is easy to believe that it is only those communists in China and such anti-democratic regimes that could apply a system like this.

But, actually, most western democracies can easily do the same thing with data retention. This is a perfect tool for building sociograms. A sociogram is a map showing who is connected to who when it comes to the internet and telecommunications. How the authorities look at you can be determined by the friends you have (and by what friends they have).

So, even if you have “nothing to hide” — you still certainly do have something to fear.

And it’s not just about data retention. The same (or even more detailed) information is collected by Facebook and Google. It most certinly can be obtained by the authorities — and is probably also for sale out there. It would be very strange if various intelligence agencies don’t already have access to this information.

In this way, Big Brotherism is breaking down trust between people in our societies. And that is a very bad thing.

/ HAX

Crypto wars, the simple truth

“To put it bluntly: the call to provide law enforcement (or, anyone) exceptional access to communications and content poses a grave threat to the future of the Internet. It is simply not possible to give the good guys the access they want without letting the bad guys in. There’s nothing new or novel in this statement. Experts have been saying the same thing for 20 years. While the message is old, with the integration of Internet technologies into nearly all aspects of life, the stakes are higher than they’ve ever been.”

Meredith Whittaker and Ben Laurie: Wanting It Bad Enough Won’t Make It Work: Why Adding Backdoors and Weakening Encryption Threatens the Internet »

The real danger with state spy trojans

A state trojan is when a government authority places a secret, hidden spy program on your computer, smartphone, tablet or server. It can be used to monitor everything you do. No matter if you use encryption or safe messaging apps. What you see, the police and intelligence authorities will see. Every keystroke can be tracked, often in real time. All your files can be accessed. All your communications can be scrutinized.

And, in the words of the founder of state intelligence, Cardinal Richelieu… “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”

Many countries are already using state spy trojans for surveillance. And others are to follow suit. At the moment countries like Spain and Sweden are trying to rush legislation trough.

State trojans are usually not used for mass surveillance. (But they can be.) At least not in most countries — where some sort or court order or other judicial process under the rule of law will apply before the trojan is being launched. So, the main problem in most cases is not about people’s right to privacy in general. This is targeted surveillance. But of course, it can be misused and/or used too generously.

The real problem is that state (and other) spy trojans will make our computers and entire IT systems vulnerable. In turn, this can be used by criminals, by foreign governments and by others interested in you, your communications and your data.

And what will happen when governments are using the same sort of tools as criminals? In the words of Amelia Andersdotter and Christer Spörndly… “The logical, and very disturbing, consequence is that there will be no incitement to identify and stop security vulnerabilities.” There are no security glitches only accessible for the government. If you leave a door open, it is open for everyone.

And to build these spy trojans, governments will have to use some sort of known security vulnerabilities. Or even worse, they might buy spyware from external developers — who also have other customers…

State spy trojans are a nightmare. They will make us all less safe.

/ HAX

What you need to know about Passenger Name Records (PNR)

The EU is about to adopt a new regulation regarding registration of our air travel.

Passenger Name Records (PNR) has earlier been blocked by the European Parliament, because of privacy concerns. But after the Parris attacks, it seems to be impossible to prevent this form of surveillance.

EDRi has published a detailed FAQ about PNR. »

The Directive is being adopted despite concerns raised by the Fundamental Rights Agency (FRA), the European Data Protection Supervisor (EDPS) and Article 29 Working Party. A study undertaken for the Council of Europe explained that “no serious, verifiable evidence has been produced by the proponents of compulsory suspicionless data collection to show that data mining and profiling by means of the bulk data in general, or the compulsory addition of bulk PNR data to the data mountains already created in particular, is even suitable to the ends supposedly being pursued –let alone that it is effective”

Notice that data will be saved up to five years — not six months (as many politicians would like us to believe).

EU centre-right group using Paris tragedy to try to kill data protection directive

Since the Paris attacks politicians, police and intelligence agencies have pushed for more mass surveillance. And now, it seems they are also trying to undermine the new EU framework for data protection.

The EU data protection directive has been under massive fire from special interests and member states in the council. But the European Parliament has been firm in insisting on a clear and meaningful framework to protect citizens private data.

Now the centre-right group in the parliament, the EPP, is trying to suspend these negotiations.

“In the aftermath of the cruel attacks in Paris on Friday, Axel Voss MEP, in his capacity as EPP Group Shadow Rapporteur for the Data Protection Directive, has called for the immediate suspension of the Data Protection Directive trialogues and a review of the mandate to identify the impact of the draft text on law enforcement capacity to exchange information.” (…)

“According to Axel Voss, the text stipulates major bureaucratic burdens to law enforcement and security entities and would basically transform them into data protection officers when processing personal data for the purpose of prevention, investigation, detection or prosecution of criminal offences and terrorist activities.”

What this is all about, is the EPP trying to use the tragedy in Paris to undermine the demands for authorities to use citizens personal data in a responsible way. But there should and must be rules for authorities as well.

Data protection is more important today than ever before. Especially when authorities are riding on a wave of fear, trying to advance their positions when it comes to surveillance and data mining.

Link: Data Protection Directive trialogue should be suspended »

/ HAX