Archive | NSA & Snowden

Internets imprisoned and fallen

I feel that I ought to pay tribute to Ian Murdock, father of Linux Debian, former Sun VP and Linux Foundation CTO. And I do, by linking to this piece at ArsTechnica, painting a much better picture than I ever could:

Ian Murdock, father of Debian, dead at 42 — Former Sun VP and Linux Foundation CTO died under suspicious circumstances »

As this, according to Murdock’s tweets appears to be a suicide and me not knowing anything much about the circumstances, my first thought was to leave it there. But the Internet led me on. Apparently there had been some confrontation with the police. (Murdock’s tweets ») And that is a red flag.

Back to Ars Technica:

On Monday at 2:13pm Eastern Time, Murdock apparently posted that he was going to kill himself:

» I’m committing suicide tonight…do not intervene as I have many stories to tell and do not want them to die with me #debian #runnerkrysty67 «

Also on Monday, Murdock wrote a string of posts that indicate he had a confrontation with police. Inquiries to the San Francisco Police Department by Ars went unanswered. Update: Public records indicate Murdock was arrested in San Francisco on December 27 and released on bail, but no details were available on the charges.

Of course, I know nothing about the circumstances. And I shouldn’t speculate. But the story of Aaron Swartz falls into one’s mind. He was a champion for a free and open internet, who actually managed to accomplish things and who stopped harmful political bills. He was prosecuted in a very strange federal case of possible copyright infringements and faced $1 million in fines and 35 years in prison. He declined a plea bargain and shortly after that he killed himself. (Also see the documentary: The Internet’s Own Boy The Story of Aaron Swartz ») There are some disturbing similarities with the Murdock case.

But it might just be similarities. And people do fall over the edge sometimes. But standing eye to eye with the judicial system and the police definitely can push someone over that edge. Trust me on that one.

Do you remember Michael Hastings, the successful investigative reporter? His car mysteriously ran into a palm tree and exploded in LA, shortly after he had told his associates that he was on to something big, once again. And his targets were usually the darker side of government and its functionaries.

Journalist and internet activist Barrett Brown clearly was pushed into a corner by the authorities, resulting in him currently spending 63 months in federal prison. It all happened when he was working on ProjectPM, investigating outsourcing of government intelligence operations to private contractors — and the inner workings of the cyber-military-industrial complex.

Chelsea Manning is spending 35 years in prison, basically for having exposed the truth about the government’s politics and actions to the public. This imprisonment is right out offensive.

Wikileaks editor in chief Julian Assange is confined to the Embassy of Ecuador in London, where his freedom of action is quite limited. This following a European Arrest Warrant after some rather vague accusations about sexual misconduct in Sweden. And NSA whistleblower Edward Snowden is stuck in Russia, after the US retracted his passport. In both these cases it’s about people who have made information public — that the people in a democracy ought to have the right to know about anyhow.

There is a disturbing pattern emerging. If you push the envelope too far, bad things happen to you.

No, I am not a conspiracy theorist. Clearly Brown, Manning, Assange and Snowden had it coming. Murdock and Swartz obviously were under harrowing pressure. And there is no hard evidence of foul play in the Hastings case, just strange circumstances. But still, it’s all very troublesome and sad.

Are journalists, internet activists and whistleblowers the imprisoned and fallen political dissidents of our time? Is the truth and a free flow of information really that dangerous to the Establishment? If so, what kind of a society is this?

Our thoughts are with Ian Murdock’s family and friends.

/ HAX

0

The normalisation of mass surveillance

Once upon a time, there were rumors about a global surveillance network — Echelon. When the European Parliament decided to look into the matter, it turned out it did indeed exist. For years to follow there were rumors about US intelligence organisation NSA and its new capabilities to “collect it all”. And a few years ago, the Snowden documents exposed exactly that.

Then followed a state of resignation.

In 2013/14, it was brought to light that the NSA might have compromised the international clearing system for bank transfers, European run SWIFT. It’s a bit odd, as the US can have as much information about European bank transfers as they want, in accordance with the EU-US TFTP agreement. Newer the less, there were strong indications of something going on. This time the European police agency, Europol, didn’t even bother to look into the matter. In a European Parliament hearing Europol director Bob Wainwright explicitly said so. (The hearing is quite surreal. It’s all on video here. »)

In Germany, politicians softened their tone against the US/NSA when threatened with limited access to US intelligence. It also turned out that under the level of political polemic, the BND had been working very closely with the NSA all the time. And in Sweden, according to the Snowden files, SIGINT organisation FRA has access to NSA superdatabase XKeyscore. Swedish politicians (including the Greens, who are now in government) will not even comment on the legality of this.

The European Court of Justice has invalidated the EU data retention directive, finding it in breach of fundamental human rights. Never the less most EU member states are upholding (and in some cases implementing) data retention, leading national constitutional courts to object. But data retention fits well with US surveillance systems, so it seems to be less important if it is legal or not.

I could go on, but I better get to my point.

Politicians and intelligence bureaucrats are sending some pretty clear signals these days. They do not care about what is legal or not legal. They do not care if being exposed. They do not even comment on issues that ought to be fundamental in a democracy. The message is: This is the way it is. Live with it.

If there was ever need for a broad political movement against mass surveillance, it is now.

/ HAX

1

EU: It’s Snowden-time!

It is getting painfully clear: No single western democracy will stand up against the US to grant NSA-whistleblower Edward Snowden refuge – and refuse to hand him over to Washington.

So it’s time for plan B: Let’s campaign for the EU to provide sanctuary for Snowden.

Snowden is a very hot potato for western politicians. There is a clear public demand to grant him asylum or some other form of protection. On the other hand, the US will apply extreme pressure on any country that does.

In the EU, politicians can do the right thing — and avoid to take the heat directly. Questions from the US could be directed to Brussels and the European Commission can blame the European Parliament. No single country or politician will have to stand up against the US administration.

The initiative (probably) will have to come from the European Commission. That’s the tricky part. When it comes to the European Parliament — it has already stated that it wants the EU to provide refuge for Snowden. On the opposing side, we will find most of the member states in the European Council.

It might also be possible to involve the Council of Europe (this is not an EU institution, as this organization has more member states and is the guardian of the Europan Convention on Human Rights).

Let’s use the EU for something good, for a change.

/ HAX

0

Sanctuary for Snowden!

There is a widespread misinterpretation of what the European Parliament had to say about the NSA whistleblower Edward Snowden last week.

The EP did not grant Snowden asylum. It can’t. This is what was decided:

2. Calls on the EU Member States to drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties, in recognition of his status as whistleblower and international human rights defender;

In the EU, only member states can grant him asylum or other forms of sanctuary. And they rather not.

So, it’s up to us.

If you live in an EU member state, you must try to influence your government to do the right thing.

You will have to start petitions, set up Facebook groups, hold rallies, write to politicians and increase the political pressure in your country. That’s the only way to move this matter forward.

Edward Snowden exposed global mass surveillance. He showed the world that politicians do not trust the people. He revealed that our political leaders and their functionaries do not care about human and civil rights.

Edward Snowden is a hero. And he should be treated as one.

But to make that happen, you must get involved.

/ HAX

0

European Parliament supports Snowden and Badawi

Thursday was in some aspects a good day in the European Parliament.

In a resolution on mass surveillance (I’ll get back to that one when we have the final, consolidated text) the EP voted on the Edward Snowden case. (Link»)

By 285 votes to 281, MEPs decided to call on EU member states to “drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties, in recognition of his status as whistle-blower and international human rights defender”.

A very slim victory, but still a victory.

However, most EU member states refuse to give Snowden asylum or other forms of protection. It has been said that they cannot deviate from normal asylum routines (including that the asylum seeker would have to show up in an EU country to have his case examined). But one should keep in mind that most EU states have granted human rights activists and dissidents protection on purely political grounds outside the ordinary asylum process.

So, it’s purely about political will.

Today the EP also rewarded its human rights award — the Sakharov prize — to the Saudi liberal blogger Raif Badawi. (Link»)

Badawi has been put in prison for ten years and is also sentenced to 1,000 lashes for having “insulted” the Saudi political system and the religion.

“This man, who is an extremely good man, an exemplary man, has had imposed on him one of the most gruesome penalties,” Mr Schulz told a packed European Parliament assembly in Strasbourg, France.

“I call on the Saudi king to immediately free him. Relations depend on human rights being respected by our partners… they are not only not being respected but are being trodden underfoot.”

This is a strong political signal, even though it might not really interfere in any substantial way when it comes to relations between the EU and Saudi Arabia. (Unless the Saudis goes bananas, as they have done when being criticised about the Badawi case on earlier occasions.)

/ HAX

0

Some links…

The Intercept: PROFILED – From Radio to Porn, British Spies Track Web Users’ Online Identities »

Falkvinge: GCHQ Is Building A Stasi Archive On Steroids: Why Are People Still Surprised? »

EU Law Analysis: American Mass Surveillance of EU citizens: Is the End Nigh? »

Netzpolitik: Strategic Initiative Technology: We Unveil the BND Plans to Upgrade its Surveillance Technology for 300 Million Euros »

The Daily Dot: FBI and DEA under review for use of NSA mass surveillance data »

TorrentFreak: Pirate Bay Founder Finally Free After Three Years »

0

EU: Parliament just came out in favour of Snowden, open-source, encryption, digital freedom and anonymity

Today, the European Parliament adopted a resolution called “Human rights and technology in third countries” (2014/2232(INI)).

This is just a resolution, not legislation, but very interesting nevertheless. The European Parliament…

3. Believes that the active complicity of certain EU Member States in the NSA’s mass surveillance of citizens and spying on political leaders, as revealed by Edward Snowden, has caused serious damage to the credibility of the EU’s human rights policy and has undermined global trust in the benefits of ICTs;

Shame on the Brits, French, Germans and Swedes. (And several others.)

6. Calls for the active development and dissemination of technologies that help protect human rights and facilitate people´s digital rights and freedoms as well as their security, and that promote best practices and appropriate legislative frameworks, while guaranteeing the security and integrity of personal data; urges, in particular, the EU and its Member States to promote the global use and development of open standards, and of free and open-source software and cryptographic technologies;

Nice. This is one we should remind the European Parliament about over and over again–when it tries to make decisions going in the other direction.

9. Urges the EU itself, and in particular the EEAS, to use encryption in its communications with human rights defenders, to avoid putting defenders at risk and to protect its own communications with outsiders from surveillance;

Welcome to the real world.

10. Calls on the EU to adopt free and open-source software, and to encourage other actors to do so, as such software provides for better security and for greater respect for human rights;

This is not the first time the EP makes such a statement. But real progress seems to be very slow.

14. Draws attention to the plight of whistleblowers and their supporters, including journalists, following their revelations of abusive surveillance practices in third countries; believes that such individuals should be considered human rights defenders and that, as such, they deserve the EU’s protection, as required under the EU Guidelines on Human Rights Defenders; reiterates its call on the Commission and the Member States to examine thoroughly the possibility of granting whistleblowers international protection from prosecution;

65. Calls for the scope for international protection of whistleblowers to be extended, and encourages the Member States to table laws to protect whistleblowers;

Very nice. But still, no EU member state is prepared to grant Edward Snowden refuge or asylum.

19. Calls for the inclusion of clauses in all agreements with third countries that refer explicitly to the need to promote, guarantee and respect digital freedoms, net neutrality, uncensored and unrestricted access to the internet, privacy rights and the protection of data;

So, if the EU-US Trade Agreement (TTIP) will include copyright enforcement threatening digital freedom and privacy–the EP will vote no?

We must be sure to make a note of that one. And the next…

20. Urges the EU to counter the criminalisation of human rights defenders’ use of encryption, censorship-bypassing and privacy tools, by refusing to limit the use of encryption within the EU, and to challenge third-country governments that level such charges against human rights defenders;

21. Urges the EU to counter the criminalisation of the use of encryption, anti-censorship and privacy tools by refusing to limit the use of encryption within the EU, and by challenging third-country governments that criminalise such tools;

61. Calls for each individual to be entitled to encryption, and for the conditions needed to allow encryption to be created; takes the view that controls should be a matter for the end user, who will need the skills required to carry out such controls properly;

62. Calls for the introduction of ‘end to end’ encryption standards as a matter of course for all communication services, so as to make it more difficult for governments, intelligence agencies and surveillance bodies to read content;

As far as I can understand, the European Parliament just came out strongly against a ban on encryption.

27. Considers mass surveillance that is not justified by a heightened risk of terrorist attacks and threats to be in violation of the principles of necessity and proportionality, and, therefore, a violation of human rights;

63. Emphasises the special responsibility of government intelligence services to build trust, and calls for an end to mass surveillance; considers that the monitoring of European citizens through domestic and foreign intelligence services must be addressed and stopped;

So, what’s about EU member states continuing data retention?

40. Calls for the development of policies to regulate the sales of zero-day exploits and vulnerabilities to avoid their being used for cyber-attacks, or for unauthorised access to devices leading to human rights violations, without such regulations having a meaningful impact on academic and otherwise bona fide security research;

In your face, NSA…

45. Condemns the weakening and undermining of encryption protocols and products, particularly by intelligence services seeking to intercept encrypted communications;

…and the GCHQ.

46. Warns against the privatisation of law enforcement through internet companies and ISPs;

This ought to be seen as a clear warning not to go down that road in the TTIP.

49. Calls explicitly for the promotion of tools enabling the anonymous and/or pseudonymous use of the internet, and challenges the one-sided view that such tools serve only to allow criminal activities, and not to empower human rights activists beyond and within the EU;

Actually, I’m overwhelmed. But then again, this is not legislation.

However all of the above can be very useful as a reminder when the EU Commission and Council tries to get the Parliament to do the opposite. Or when the Parliament suddenly goes bananas on its own. (It frequently does. It surely will happen again very soon.)

The text as PDF »

/ HAX

3

Industry wants NSA access to European personal data

The EU is in the process of modernising data protection — in the General Data Protection Regulation (GDPR).

One key point is that European personal data, stored in Europe should be protected under European law. Companies should be able to deny requests for personal data from non-member countries. Politico.eu explains…

A small section, Article 43a, says companies should not always comply with requests from courts, tribunals and administrative authorities in non-EU countries for the personal data of Europeans. The only exceptions would be under law enforcement treaties or relevant agreements between those countries and the EU, or individual European countries.

This ought to be a no-brainer. But it has turned out to be highly controversial. One reason might be that US intelligence and law enforcement would like to have access to as much as possible. (And sadly they probably will, under other agreements and treaties. But it shouldn’t be the default mode.)

This is the position of the European Parliament. However, EU member states in the European Council are not at all happy with this article. Apparently, their allegiance does not lie with the citizens and European business.

And now the Industry Coalition for Data Protection (ICDP) composed of Big Data, IT- and telecoms multinationals have stepped in to kill article 43a.

The coalition sent a letter this week to Justice Commissioner Věra Jourová, parliamentary rapporteur Jan Philipp Albrecht MEP, and the Luxembourg presidency of the Council of the EU — the key representatives of the three institutions that are currently negotiating the regulation’s text.

The letter from ICDP said that adopting a “unilateral approach” would create deliberate conflicts of law and severely undermine “both the principles of reciprocity in diplomatic relations as well as the credibility of the EU data protection reform.”

Apparently, these companies are more concerned about their relations with US authorities than data protection.

Politico.eu: Industry issues plea over data reform »

/ HAX

0

A first sign of an EU ban on encryption?

I noticed that UK Prime Minister Camerons idea that governments should be able to circumvent encryption (the “backdoor” concept) has been echoed by the leader of the Swedish parliamentary opposition, the centre-right partys (Moderaterna) Anna Kinberg Batra.

At a glance this seems to be rather insignificant. But you should know that under the former Swedish centre-right government Sweden established itself as a very close partner to US NSA and British GCHQ. The Snowden files reveals that Sweden (code name: Sardine) is in so close cooperation with the US lead “five eyes coalition” that you could actually talk of a “six eyes coalition”. When the Swedish electronic surveillance organisation Försvarets Radioanstalt (FRA) was given extended mandate it is said that the US helped the Swedish government to draft the new law. And many of the shady details of the FRA law seems to be copied from the US legislative framework.

The Swedish opposition leader wouldn’t do anything concerning mass surveillance without consulting with the US and the UK. (And the present Swedish red-green government is just as compliant.)

This is what is significant. When Swedish politicians echo what is being said in Washington and London – you can be almost certain that there is some coordinated political action going on. And when it comes to Big Brotherism, Sweden is a really bad influence on other EU member states.

This might very well be the first sign that a ban on encryption is to be coordinated at a European level. (It is open to question if this is within EU competence. But if not, the member states probably will do as usual: Coordinate national legislation after an informal conclusion in the Council.)

/ HAX

1