Archive | Privacy

“EU-US Privacy Shield must be sent back to negotiators”

A group of leading digital rights organisations on both sides of the Atlantic has called for the Privacy Shield arrangement between the EU and US to be sent back to the negotiators. In a letter to senior EU officials, the group says that without “substantial reforms” to ensure protection for fundamental rights of individuals, the Privacy Shield will “put users at risk, undermine trust in the digital economy, and perpetuate the human rights violations that are already occurring as a result of surveillance programs and other activities.”

ArsTechnica: Privacy Shield deal must be sent back to negotiators, say digital rights warriors »

0

Richard Clarke on the Apple vs. FBI case

“[The FBI] is not as interested in solving the problem as they are in getting a legal precedent,” Clarke said. “Every expert I know believes the NSA could crack this phone. They want the precedent that government could compel a device manufacturer to let the government in.”

The Register: Former US anti-terror chief tears into FBI over iPhone unlocking case — They’d just send it to the NSA if they really wanted access, says Clarke »

0

The Goovernment

You know the saying that Google will know if you are gay before you do?

Almost the same, but a little different, can be said about the government.

The government knows who you have been talking to on the phone and who your friends are – and who their friends are. The government knows where you have been and who else might have been in the same place at the same time. The government knows when you connected to the internet, who you sent an email and the people that have emailed you. Data is stored about your every text message, and in some countries that go for the content of the messages as well.

In the UK Big Brother will even keep an eye on your web searches, if the government gets it its way.

The government knows who your friends are and what people you are trying to avoid. It can tell who you do business with and what people you sleep with. It can figure out your hobbies and your whereabouts. And it can flag you if a friend of your friend is someone the people in power do not approve of.

With Google – at least, it’s about selling you stuff, to expose you to “relevant” ads and to make a buck. (But World Domination, really?)

But with the Goovernment – it’s all about control. And power. Over you. For real.

Put one on top of the other, and it gets even more scary. (The government doesn’t need Google to cooperate in this. Much of the data is out on the market.)

All of this while government doings are getting more opaque, more secretive and more dubious.

This is not the way to do things in an open, democratic society.

/ HAX

0

WhatsApp vs. the FBI

In Saturday’s edition of the New York Times, Matt Apuzzo reports that the Department of Justice is locked in a “prolonged standoff” with WhatsApp. The government is frustrated by its lack of real-time access to messages protected by the company’s end-to-end encryption. The story may represent a disturbing preview of the next front in the FBI’s war against encryption.

EFF: The Next Front in the New Crypto Wars: WhatsApp »

0

The real issue with the San Bernardino shooters iPhone

The trench war over the San Bernardino shooters iPhone continues. The FBI demands that Apple should create a special OS to circumvent the “auto erase” function that, if activated, would make the phones contents unavailable after ten failed attempts to unlock it. And Apple is fighting the request.

However, it turns out that all of this might be unnecessary. There are other ways to access the content, as demonstrated by the ACLU.

It is unlikely that FBI didn’t know about this possibility — as it is a commonly used technique in the industry.

ACLU:s Technology Fellow Daniel Kahn Gillmor explains…

“All the FBI needs to do to avoid any irreversible auto erase is simple to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.”

So, what is going on here?

“If this generally useful security feature is actually no threat to the FBI, why is it painting it in such a scary light that some commentators have even called it a “doomsday mechanism”? The FBI wants us to think that this case is about a single phone, used by a terrorist. But it’s a power grab: law enforcement has dozens of other cases where they would love to be able to compel software and hardware providers to build, provide, and vouch for deliberately weakened code. The FBI wants to weaken the ecosystem we all depend on for maintenance of our all-too-vulnerable devices. If they win, future software updates will present users with a troubling dilemma. When we’re asked to install a software update, we won’t know whether it was compelled by a government agency (foreign or domestic), or whether it truly represents the best engineering our chosen platform has to offer.”

Of course, it might just be about government incompetence. But never the less, the result would be the same: A judicial trojan horse for weakening device security all over the line.

Having seen what US government agencies have been up to — it is more likely than not that this is all about Big Brother deceptiveness.

• ACLU: One of the FBI’s Major Claims in the iPhone Case Is Fraudulent »
• Security Affairs: Snowden accuses the FBI of lying about his ability to unlock the iphone of the San Bernardino terrorist. “that’s horse sh*t.” he said. »

/ HAX

0

EU and the crypto war

So, where does the EU stand on politicians, law enforcements and intelligence organisations war on encryption?

It is still an open question, to be decided in the e-Privacy Directive.

What is this — and didn’t the EU just set out the framework for data protection? Diego Naranjo at EDRi explains…

“Did you think the data protection reform was finished? Think again. Once the agreement on the texts of the General Data Protection Regulation (GDPR) and the Data Protection Directive for Law Enforcement Agencies (LEDP) was reached, the e-Privacy Directive took its place as the next piece of European Union (EU) law that will be reviewed. The e-Privacy Directive (Directive 2002/58/EC on privacy and electronic communications) contains specific rules on data protection in the area of telecommunication in public electronic networks.”

Here issues such as cookies, government trojans and encryption back doors should be addressed.

So far, this process has attracted very little attention from the public, the media, the industry and internet activists. Nevertheless, these issues are essential when it comes to citizens right to privacy.

While the Apple vs. FBI case in the US is all over the media — what’s going on in the same field in the EU is more or less ignored.

While most EU politicians have held a low profile about encryption backdoors so far, the matter of government trojans already is an existing and very real cause for worry.

The French have since long been suspected to use malware (e.g. Babar, Bunny, Casper, Dino, NBot and Tafacalou) and will most certainly move ahead in its’ new cyber-security strategy. In Germany the government just approved the usage of trojans by federal agencies. And countries like Sweden are fast-tracking legislation in this field.

It is important to remember that this is not “only” about phone calls, text messages and e-mails. With trojans on your phone, tablet or computer — the government can access everything you do. What you write. What you google. Your online banking. Your social media activities. Dating apps that you might use. Your contacts. Your private pictures. Your business plans. Your health apps. You name it…

So we better get busy while it’s still possible to influence the political process.

Don’t let the EU get away with keeping this dossier under the radar. Please.

/ HAX

EDRi: Data Protection Reform – Next stop: e-Privacy Directive »

0

The EU-US Privacy Shield: EU presents a pointless proposal

Finally, the European Commission has presented a proposal for the EU-US Privacy Shield conserning data protection, to replace the fallen “Safe Harbour” agreement. Sorry to say, it’s rather pointless.

The background is that the European Court of Justice invalidated the “Safe Harbour” agreement that was supposed to provide adequate data protection when Europeans personal data is being transfered to the US. The reason was that US companies didn’t really care about the agreement — and that US authorities (e.g. the NSA) in many cases had access to the data.

Then followed some confusion as the EU and the US tried to negotiate a new agreement, the EU-US Privacy Shield. Here are some previous blog posts:

• An EU-US Privacy Shield? »
• The EU-US Privacy Shield Illusion »

Now we have a proposal. Some EU links:

• European Commission presents EU-U.S. Privacy Shield »
• Restoring trust in transatlantic data flows through strong safeguards: European Commission presents EU-U.S. Privacy Shield »
• EU-U.S. Privacy Shield: Frequently Asked Questions »

This new proposal is rather similar to the old, fallen agreement. So much so, that it might very well be invalidated by the ECJ once again.

The main news seems to be “adequacy decisions”. In simple terms this means that things will be deemed OK if the European Commission says so. And that is hardly a solid judicial principle.

The Austrian student Max Schrems — who took the old agreement to the ECJ in the first place — says that he is considering taking the new agreement back to court, if adopted.

In a comment the NGO EDRi:s Executive Director Joe McNamee says..

The European Commission has given Europe a lesson on how not to negotiate. This isn’t a good deal, it hardly deserves to be called a ‘deal’ of any kind.

The EDRi press release also states that the documents published “confirm that no meaningful reforms have been made and that none are planned”.

EDRi Press Release: Privacy Shield is the same unsafe harbour »

The European Commission simply does not seems to be very concerned about protecting European personal data being transfered to the US.

/ HAX

0

The FBI vs. Apple case is about unlocking your life

Here is some food for thought, on the FBI vs. Apple case about unlocking the San Bernardino shooters iPhone: It’s not only about your phone calls and text messages, it’s about your entire life.

An iPhone contains apps, surf history and search history that would crack open your private life completely in front of Big Brother.

In a text, Rick Falkvinge lists a few examples…

  • What news articles you read, for how long, and in what order
  • Your travel plans
  • Your dating habits
  • What you’re buying
  • What you’re thinking of buying but didn’t
  • Whom you’re in touch with but didn’t talk to
  • What you were looking for more information about, and when
  • What link(s) you follow, given a selection
  • Your physical movement through cities, and within a city
  • …the list goes on.

Is this really information that should be in government hands?

Falkvinge: Using legacy phonecall wiretapping laws to justify Internet wiretapping is obscene: immense expansion of surveillance »
Slate: An iPhone Is an Extension of the Mind »

0