Archive | Data Protection

Please support EDRi!

During the five years that I worked in the European Parliament – one organisation stood out when it came to protecting our digital rights (on issues like privacy, data protection, mass surveillance, web censorship etc.)

That organisation is EDRi – European Digital Rights.

EDRi is campaigning in a very hands-on way, asking the hard questions at public hearings, serving the European Commission and the European Parliament with facts and helping members of parliament to fight and amend bad legislation.

It is essential that EDRi will be able to continue its work. They are often the last line of defence when politicians endanger our free and open Internet.

Please follow these links to support EDRi:
Final push for our crowdsourcing campaign »
Support Digital Rights in Europe! »
Donation FAQ »

Thank you. Very much.

/ HAX


The EU and a global ban on encryption

Will encryption become illegal? Will governments demand “golden keys” to commonly used encryption? If governments go after encryption, will they distinguish between encryption used in Internet “base traffic” and encryption used by people to protect their mail and hard drives? What about apps? Nobody seems to know. All we do know is that governments would like to have access to all our communications.

Even if they have tried to keep it under wraps, EU member states would like to circumvent encryption. In a leaked document from the informal meeting with EU justice and home affairs ministers the other week (PDF), we have it in writing…

“Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).”

So, we pretty much know what the EU stance will be at the Global Security Summit in the US next week.

Interestingly, the European Parliament seems to have an opposite position. In its resolution on mass surveillance of March 2014, the Parliament states that…

[The EP] calls on the Commission to […] ensure a high level of security of telecommunication networks and services, including by way of requiring state-of-the-art end-to-end encryption of communications.

[The EP] calls for the EU to take the lead in […] rerouting of Internet traffic or full end-to-end encryption of all Internet traffic so as to avoid the current risks associated with unnecessary routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy.

[The EP] calls for the promotion of … encrypting communication in general, including email and SMS communication.

Apparently the European Parliament takes a very different stand, compared to EU member states.

And the Council of Europe (a parliament-like assembly with representatives from most European countries, including non-EU states) makes its position clear in a report…

“The assembly is deeply worried about threats to internet security by the practice of certain intelligence agencies […] of seeking out systematically, using and even creating “back doors” […] which could easily be exploited also by terrorists and cyber-terrorists or other criminals. […] The creation of “back doors” or any other techniques to weaken or circumvent security measures or exploit their existing weaknesses should be strictly prohibited.”

Again, this is a clear standpoint, the very opposite to that of EU member states.

To continue, we have a study from the European Parliament’s Science and Technology Options Assessment unit stating…

“The only way for citizens to counteract surveillance and prevent breach of privacy consists in guaranteeing uncorrupted end-to-end encryption of content and transport channel in all their communications.”

“The EU should invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness … providing users with unbreakable cryptographic protection. … The EU should invest in making users aware […] how [they] can reduce their digital footprint by following behavioural rules and applying encryption and anonymising principles.”

To put it simply: EU member states would love to have a ban on encryption or a “golden key”. Other relevant European institutions take an opposite standpoint — valuing and defending encryption.

But it will be the EU member states (and the EU Counter-Terrorism Coordinator) who are present at the Global Security Summit in Washington the coming week. And they will try to make their position global policy.

There is a way to get an encryption ban / golden key off the summit's agenda. That is to make this a public issue, to get the media involved and for people to speak out against this madness.

What we do right now will define our future.

/ HAX

Links:
• Not this again! Europe mustn’t backtrack on its support of encryption and rejection of surveillance »
• Next Week, World Leaders Will Meet to Talk About How Much They Hate Encryption »
• Council of the European Union (EU member states) PDF »
• Council of Europe (PDF) »
• UK Surveillance Consultation Suggests It Is End-Point Security, Not Encryption, That Cameron Wants To Subvert »
• In two weeks time, world leaders may decide to undermine encryption »


European Parliament still standing up to PNR

Thursday and Friday this week there will be another EU summit, where national leaders will address security issues. A European Passenger Name Registration (PNR) system will be among the top subjects on the agenda — as this also is to be a priority topic at the Global Security Summit in the US next week.

But the European Parliament will not back down. The majority position seems to be that you should not retain personal data about all air passengers in the EU — only when it comes to “a smaller target list of suspects”.

Liberal MEP Sophie in’t Veld declares that “fundamental issues of trust surrounding data sharing needed to be addressed before provisions for collecting data are centralised”.

Read more: Parliament resists pressure on passenger data ahead of EU summit »

/ HAX


International Bullshit Day

Today (January 28) is Data Protection Day (Europe) or Data Privacy Day (US and Canada).

From Wikipedia…

Data Privacy Day’s educational initiative originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, particularly in the context of social networking. The educational focus has expanded over the past four years to include families, consumers and businesses. In addition to its educational initiative, Data Privacy Day promotes events and activities that stimulate the development of technology tools that promote individual control over personally identifiable information; encourage compliance with privacy laws and regulations; and create dialogues among stakeholders interested in advancing data protection and privacy. The international celebration offers many opportunities for collaboration among governments, industry, academia, nonprofits, privacy professionals and educators.

Splendid! Or..?

Let’s follow the money. Among participating organisations and corporate supporters are: FTC, FCC, FBI, New York State Attorney General Office, UK Information Commissioner, Microsoft and Verizon.

Yeah, right!

The core question when it comes to data protection / privacy is: Who is the owner of your personal data? Is it you? Or someone else?

The EU is in the process of hammering out new data protection laws. In this work, US government and corporate lobbyists, as well as most EU member states, are working hard to take away your control over your personal data.

They paint one image. But they do the opposite.

So–IMHO–Data Protection Day / Data Privacy Day is mostly astroturf.

If you really want to celebrate January 28 – you should support European Digital Rights (EDRi) and the Electronic Frontier Foundation (EFF).

/ HAX


Hacking politics

A free and open internet, copyright reform, mass surveillance, data protection and civil rights are all issues where the rules are decided in politics. But politics is not always a fair and open democratic process. And change does not always have to be initiated from within the traditional political system.

Former Pirate Party member of the European Parliament (MEP) Amelia Andersdotter this weekend delivered a piece over at TorrentFreak: Pirate Party MEP Fails to Deliver True Copyright Reform »

Here she criticises newly elected German Pirate MEP Julia Reda for her report on EU copyright reform. Andersdotter writes “De facto, Julia Reda is more conservative than the European Commission, and this is a massive problem for representative democracy.”

In defence of Reda, one could say that she has written a report (not legislation) that the European Parliament might be able to accept. This report, written by some other MEP, probably would have been outright damaging. Reda has picked the fights she might be able to win.

But that still leaves us with the problem that there might be no real copyright reform in the EU, if left to the EU institutions. Which brings me back to my thesis that you need external pressure in combination with inside political initiatives to change things. To get toothpaste out, you have to apply pressure to both sides of the tube.

I have worked with internet related issues inside the European Parliament. Before that I was an activist outside the EU institutions. Frankly I cannot say when I had the best possibility to influence, to change things. Inside you have resources, not available to activists. But outside you are a voice from reality, of the people–that most politicians will have difficulty ignoring. (Especially if you manage to involve the media.)

Inside the political system you have a choice between different strategies.

You can bury yourself in details. That ought to be a reasonable approach. But in reality you will find yourself in a never ending flood of paper. To do this you need vast resources when it comes to time, manpower and expertise.

The other inside strategy is simply being there. To offer others your perspective, to ask the hard questions, to lead media in the right direction, to be a visionary and a crusader with a cause. For small political organisations, with small resources–this might be the easier way to go.

One, two, twenty or no internet friendly MEPs or MPs–most of us will still be outside the parliamentary and political system. But we can make a difference. We are the ones who shape public opinion. We are civil society. We can make politicians jump. To do so, we just have to take action.

/ HAX

Links:
Pirate Party MEP Fails to Deliver True Copyright Reform »
Christian Engström: Political Activism (Pirate Visions) »


EU to sell out data protection in new trade agreement?

Free trade is a good thing. But–as I have written earlier–international trade agreements seem to be about everything but free trade.

The latest example is the Trade in Services Agreement (TISA). This agreement is to be signed by the EU, the US and many others. Among other things, it covers E-commerce. So far, so good.

The problem is that TISA (like most other international trade agreements) overrides some pretty important local rules. In this case, it might throw out European data protection rules.

The EU is in the process of setting up a new data protection framework. This raises questions like: Who owns your personal data? Is it you? Or do you have nothing to say about the matter?

In this context it is alarming that the EU is about to enter an international agreement stating that “No Party may prevent a service supplier of another Party from transferring, accessing, processing or storing information, including personal information, within or outside the Party’s territory, where such activity is carried out in connection with the conduct of the service supplier’s business.”

The EU and the US have had an agreement (the Safe Harbour agreement) stating that American companies must handle data about European customers in accordance with European data protection rules. As it has turned out, this agreement has been almost totally ignored by the US.

And now, the TISA agreement seems to sidestep European data protection altogether.

While some members of the European Parliament (like German Pirate Party MEP Julia Reda) are trying to ensure a strong European data protection package–the usual suspects (most MEPs from traditional parties) are prepared to sell out.

/ HAX


A never ending struggle

For some days I have been a complete political news junkie–as the latest Swedish government just went down in flames. Looking forward, naturally I have some general preferences about who should rule my country. (Even if a lame duck administration as the present one isn’t all that bad. Hopefully it will not be able to do a lot of stupid stuff.)

But when it comes to some of my favourite issues, I’m frustrated.

We have the centre-right parties (in power until September 2014)–being really bad on surveillance, ignorant at best when it comes to data protection and in the grip of the copyright industry.

Then we have the socdem-greens (that, in practice, fell from power yesterday). The Social Democrats are just as bad as the centre-right people in these matters. And the Greens are selling out on the same issues, just for the grandeur of being in government. (Come on, give the Ring back to the nice Mr. Frodo.)

The third group (causing most of the stir) are some nationalist, xenophobic and semi-populists. Again, they are just as bad. (I guess that they haven’t realised that they are a given target for government surveillance.) And in general they are occupied with nostalgia rather than issues concerning the future.

Finally we have the Pirate Party, not even in the Swedish parliament with only 0.43 per cent of the votes in the latest elections. (So I guess the general population doesn’t bother about these issues either…)

Still, the surveillance issues are important–and rather pressing. What the government does in the EU is important as we are in the process of hammering out new European data protection rules. And a European copyright reform.

In the bigger picture a free and open Internet is essential for democracy, culture, business, science and education. Yet, in Sweden 99.57 per cent of the votes are cast on political parties more or less uninterested, ignorant or plain evil when it comes to Internet and surveillance matters.

And it seems that Sweden isn’t unique. The picture is the same in most countries.

In dark moments I think this might be just as well. There are no guarantees that politicians will do the right thing, even if they are interested. So it might be better to trust spontaneous order, people's creativity, the market and net freedom activists to be one step ahead and to raise objections if politicians go wrong.

The problem is, politicians go wrong about the Internet, surveillance, data protection, copyright and civil liberties all the time. The fact that they are uninterested or ignorant doesn’t stop them. In most cases they just rubber stamp papers that government officials hand them, anyway. Politics is in the equation, like it or not.

So we need to apply a constant external pressure on politics. To show the way, to campaign and to hit politicians and government officials hard when they do something stupid or dangerous.

It’s a never ending struggle.

/ HAX


Mass surveillance is bad for business

The quote of the day comes from Microsoft General Counsel Brad Smith at the Silicon Valley panel discussion on NSA surveillance, organized by Senator Ron Wyden (D – Oregon).

“If you’re a consumer or a company, you own your email, your text messages, your photos and all the content that you create. Even when you put your content in our data centers or on devices that we make, you still own it and you are entitled to the legal protection under our Constitution and our laws. We will not rebuild trust until our government recognizes that fundamental principle.”

Money talks. Mass surveillance erodes customers' confidence in the tech industry. Business is lost when customers shy away from US Internet based services.

And it’s not just about business. Google’s Eric Schmidt warned about a fragmented, balkanized Internet. Wired sums it up…

“The cost will be huge in terms of shared knowledge, discoveries, and science. It will also be expensive, since the cost of running data centers in every country where they have customers may be too much for some firms to handle.”

The Civil Rights movement, Internet activists and the tech industry–now they all seem to stand together against the US Government, its security bureaucracy and the security industry.

This might be the tipping point in our fight for a free and open Internet.

Some links: Wired » | CNet » | WP » | PC World » | The Register »

/ HAX


Finally, someone is barking under the right tree

When the Swedish Tax Authority (Skatteverket) was hacked a few years ago–all attention was focused on the court case that followed against the alleged hacker, Gottfrid Svartholm Warg (a.k.a. anakata).

There was little or no notice taken of the fact that the IT system in question was poorly protected.

During the entire process, Skatteverket as well as its system contractor Logica tried to keep that aspect of the case under the radar.

But finally someone has picked up on this. Today the Swedish Pirate Party former member of European Parliament Amelia Andersdotter has submitted a complaint to the Swedish Data Protection Agency (Datainspektionen).

The point of the complaint is that Skatteverket doesn’t care enough about security in IT system procurement.

This will be interesting to follow, as EU public procurement rules in many cases don’t really give that much room for other considerations than price.

(In addition to traditional IT security issues, it might also be a good idea to look into contractors' relations with other countries' intelligence and surveillance networks–so that they won’t provide backdoors for NSA, GCHQ or others.)

Amelia's blog post (in Swedish) »

/ HAX
