Archive | Privacy

Fingerprints are not passwords

Biometrics were never authentication tokens. They were identity tokens. Authentication tokens are secret and replaceable, and your fingerprints (your retina, your iris, and so on) are neither.

When you authenticate something even slightly sensitive with biometrics, you’re doing it wrong.

The right way to do it is to identify with biometrics, and then authenticate with a proper security token, which is secret.

Falkvinge: Once more, with passion: Fingerprints suck as passwords »


On TTIP, CETA, free trade and a free and open Internet

I’m a free marketeer. I believe that free trade would be hugely beneficial for all.

I also believe in a free and open Internet. Especially as it provides a level playing field on which entrepreneurs from all over the world can join a global market, 24/7.

And I’m not at all happy with politicians and bureaucrats trying to force me to choose between the two.

The CETA (EU-Canada) and TTIP (EU-US) trade agreements are problematic. CETA will undermine Europeans' right to data protection and privacy online. The same goes for TTIP, which also might contain intellectual property regulations undermining the principle that Internet service providers are not responsible for what their customers are up to in their cables (the mere conduit principle). That would have huge implications, leading to a strictly controlled Internet where everything you are up to must be approved in advance. When it comes to TTIP, we still have no comprehensive information about what is going to be included or not when it comes to IP – as negotiations are carried out behind closed doors.

Also, the ISDS mechanism in these trade agreements will make a much needed and long overdue copyright reform impossible.

But then, again, these trade agreements are not really about free trade. They are about »harmonizing« rules and regulations. So, they are really about regulating trade.

If you want free trade, all you have to do is to get rid of customs fees and other trade barriers. That would benefit us and all of humanity greatly. But that is not what the political and bureaucratic elite hopes for. They want to regulate and control. The EU even has a special sub-bureaucracy for »trade defense«.

So, I don’t buy into it when they claim that these »free trade agreements« are about free trade.

I’m standing with free trade. And I’m standing with a free and open Internet. It is perfectly possible and logical to combine these standpoints with being critical of CETA and TTIP.

/ HAX


CETA and your privacy

Thanks to the Snowden revelations, it was proven that Canada was conducting mass surveillance activities within the so-called “Five Eyes” arrangement. If brought to court, as the Austrian student Max Schrems did with the EU-US agreement on transfer of personal data (the “Safe Harbor agreement”), the adequacy status given by the EU could be overturned. However, if CETA is ratified, the EU would be prohibited from protecting personal data in this way.

EDRi: CETA puts the protection of our privacy and personal data at risk »


Open WiFi hotspots, city-WiFi and anonymity

Last week European Commission president Jean-Claude Juncker proposed open city WiFi networks. This left us with some unanswered questions, e.g. about the rules for liability when it comes to copyright infringements. (Link»)

The very next day a ruling in the European Court of Justice (ECJ) brought some clarity. And raised some new questions.

The court finds that a measure consisting in password-protecting an Internet connection may dissuade the users of that connection from infringing copyright or related rights, provided that those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously, a matter which it is for the referring court to ascertain.

Ars Technica wrote…

Businesses such as coffee shops that offer a wireless network free of charge to their customers aren’t liable for copyright infringements committed by users of that network, the ruling states—which, in part, chimes with an earlier advocate general’s opinion. But hotspot operators may be required, following a court injunction, to password-protect their Wi-Fi networks to stop or prevent such violations. (…)

The implications are obvious: no more free and anonymous Wi-Fi access in bars, cafes, or hotels in countries within the 28-member-state bloc that can now use existing law to demand that users hand over their ID first.

Pirate Party MEP Julia Reda commented…

Juncker’s free Wi-Fi plan is aimed at travellers, refugees, and other groups that could not possibly be expected to identify themselves before using a public Wi-Fi. The commission is even advertising its new initiative as password-free. This ruling means that copyright holders will be able to foil that plan and require free Wi-Fi providers to restrict access to their networks.

Let me add to the confusion.

First, let’s have a look at the situation for traditional hotspot operators such as cafés.

It is not reasonable to expect a café owner to keep a database of all local WiFi users. That would require an extensive and very privacy sensitive register that cannot be tampered with and that can stand up to legal procedures. And still, it would do nothing to identify an individual user on the café’s single IP address. At least not with the relatively cheap and simple WiFi equipment normally used in such places.

It all quickly gets complicated and expensive. This would effectively kill free WiFi with your coffee.

The same general questions can be raised when it comes to Juncker’s free city WiFi. But there is a difference. Public sector operated WiFi will have more money and can apply common technical standards. As the number of users in a city-WiFi can be expected to be substantially higher than at a single café – there would not only need to be some sort of password protection but also individual user names, linked to personal identity. At least if you want to meet the ECJ’s ambition to be able to identify single users.

In both cases, anonymity will be more or less impossible.

And when it comes to city-WiFi, we can expect various law enforcement and intelligence agencies to show a keen interest.

/ HAX

Ars Technica: Wi-Fi providers not liable for copyright infringements, rules top EU court »


“World’s largest internet exchange sues Germany over mass surveillance”

The world’s largest internet exchange point is suing the German government for tapping its communications systems.

DE-CIX runs a number of critical exchange points – most of them in Germany, but with others in France, Spain and the United States – and has sued the German interior ministry over orders from the German security services to allow them to tap its exchange centers.

The goal of the lawsuit, filed in federal court in Leipzig, is to reach a “judicial clarification” over whether the German government’s actions are legal, the company said (in German), and “in particular, legal certainty for our customers and our company.”

The Register: World’s largest internet exchange sues Germany over mass surveillance»


The Case Against a Golden Key

What I have learned over the past 25 years is that encryption saves the lives of people who are working to protect human rights and advance freedom around the world. It is clear that the FBI is willing to compromise the security of our national electronic infrastructure and to risk the lives of activists to advance their short-term institutional interests. The question for the rest of us, for the White House and for Congress, and also for the American people, is are we willing to massively degrade security for everyone, and weaken journalists and independent groups, simply to add to the FBI’s already enormous powers?

The work of independent, nongovernmental groups moves us all forward toward a more just and respectful world. This is, by far, the best defense against terrorism, particularly against the terror wreaked by the police and militaries that commit the majority of the world’s violence against civilians. Today, putting people’s physical security first—whether it’s against repressive governments, cybercriminals, or even nongovernmental terrorists—requires strong digital security.

Patrick Ball in Foreign Affairs: The Case Against a Golden Key »


ECJ: Worldwide privacy class action against Facebook

A worldwide class-action privacy lawsuit against Facebook, initiated by Max Schrems, has been referred to Europe’s top court. (…)

Schrems first brought his suit in 2014, and accuses Facebook of breaking EU privacy law in multiple ways, including supporting the NSA’s Prism surveillance program. Later, 25,000 Facebook users from around the world—except those in the US and Canada, where different rules apply—joined Schrems in a class action under Austrian law by assigning their rights to him.

Ars Technica: Worldwide privacy class action against Facebook heads to EU’s highest court »
