Archive | Privacy

The war on truth about… truth

One common practice when it comes to surveillance is to prohibit ISP:s, telecoms operators and tech companies to disclose that there is or has been any warrants or other demands for information from the authorities. (In the US this is known as national security letters.)

Some companies have worked their way around this by so called warrant canaries. In short this means that they state in e.g. their transparency or annual report that there has been no secret warrants. If they, the next year, leave that information out — they have communicated that there has been one or several secret warrants. But in an indirect, subtle way — without breaching the actual secret warrant in question.

This practice is now going to be illegal in Australia, when it comes to the government spying on journalists. BoingBoing explains…

Section 182A of the new law says that a person commits an offense if he or she discloses or uses information about “the existence or non-existence of such a [journalist information] warrant.” The penalty upon conviction is two years imprisonment.

This making it illegal… to or not to indicate to the public that… you are or are or are not not… telling the truth. Or a lie.

Orwell would have been amazed.

Or, in plain words: The Australian government does not appreciate the truth.

/ HAX

0

US tech gigants to Obama: End bulk collection mass surveillance

TechCrunch reports that US “technology companies, tech trade groups and privacy organizations sent a letter today to the President Barack Obama, various members of Congress, and governmental security officials, urging reform of the U.S. government’s surveillance practices.” From the letter…

“There must be a clear, strong, and effective end to bulk collection practices under the USA PATRIOT Act, including under the Section 215 records authority and the Section 2 214 authority regarding pen registers and trap & trace devices. Any collection that does occur under those authorities should have appropriate safeguards in place to protect privacy and users’ rights.”

TechCrunch: Tech Giants Call For “Clear, Strong And Effective End” To NSA’s Phone Metadata Surveillance »

0

The coming War on Cash

War on terror has become an convenient excuse for governments to start a war on cash.

Naturally, cash can be used by terrorists. But it will not mainly be terrorists who suffer from tighter control. It will be ordinary people.

One of the real reasons behind tighter cash regulations are convenient is quite obvious: taxation.

If you want support for this theory, take a look at the EU directive against money laundering. Where implemented strictly (like in Sweden) it makes handling of any substantial amount of cash almost impossible.

The latest is the French tightening the regulations on cash. From Mises.org…

“These measures, which will be implemented in September 2015, include prohibiting French residents from making cash payments of more than 1,000 euros, down from the current limit of 3,000 euros. Given the parlous state of the stagnating French economy the limit for foreign tourists on currency payments will remain higher, at 10,000 euros down from the current limit of 15,000 euros. The threshold below which a French resident is free to convert euros into other currencies without having to show an identity card will be slashed from the current level of 8,000 euros to 1,000 euros. In addition any cash deposit or withdrawal of more than 10,000 euros during a single month will be reported to the French anti-fraud and money laundering agency Tracfin. French authorities will also have to be notified of any freight transfers within the EU exceeding 10,000 euros, including checks, pre-paid cards, or gold.”

The whole idea is based on the presumption that people are up to something suspicious. This seems to be the new default mode, replacing the presumption of innocence (that happens to be one of the fundaments of rule of law).

But this is not just about distrusting citizens with their own money. The common European currency, the Euro, is in a precarious state. Cash regulations can (and will) be used to stop people from rescuing their own money when the shit hits the fan. Just see what happened when the Euro-crisis overwhelmed Cyprus. The government confiscated money directly from peoples bank accounts — and most people had no possibility to rescue their savings.

“Coincidentally” mass surveillance is an excellent tool for governments to enforce financial regulations aimed at the general public…

Is this the moment when people finally will have to turn to free digital currencies in a big way? Is this the tipping point?

/ HAX

4

EU: Data retention – an up-to-date summary

In a few weeks Swedish national data retention laws (based on the EU data retention directive) will be tested in an administrative mid-level court. This is only one of many court appeals in the EU on the subject. Former Pirate MEP Amelia Andersdotter has made a time line (link, in Swedish »).

In the following countries data retention has been rejected by court: Lithuania, Bulgaria (several times), Romania (several times), Germany, Ireland (several times), Cyprus, Czech Republic, Austria, Finland (political decision), Slovakia, Slovenia and The Netherlands. Then there are some open court cases.

In April last year, the European Court of Justice (ECJ) invalidated the EU directive on data retention – for breach of human rights. And recently, the European Commission has declared that there will be no new directive.

It’s also worth noticing criticism against data retention from the EU Council lawyers, Germanys minister of justice, the EU Data Protection group, the Human Rights Commissioner of the Council of Europe, the UN High Commissioner for Human Rights, the UN High Representative for Human Rights and Privacy in a Digital Age and others.

The Human Rights Commissioner of the Council of Europe has made this statement…

“Suspicionless mass retention of communications data is fundamentally contrary to the rule of law, incompatible with core data-protection principles and ineffective. Member states should not resort to it or impose compulsory retention of data by third parties. /…/ Member states should stop relying on private companies that control the Internet and the wider digital environment to impose restrictions that are in violation of the state’s human rights obligations.”

But some countries — like the UK, France and Sweden — try hard to ignore all criticism and all concerns about human rights. They have no plans of giving up this kind of mass surveillance.

/ HAX

Link (in Swedish, about the Swedish court case, but with some helpful quotes in English): Amelia Andersdotter »

0

The worst of two worlds

For the sake of argument: Let’s assume that we are stuck with mass surveillance and Big Brotherism.

Such a society can be very unpleasant and very difficult to live in.

There is a trend among politicians and bureaucrats to regulate and micro manage more and more about our lives. Today, all western countries have more laws, regulations and rules than anyone can grasp and relate to. Every day most of us break the rules. Often several times every day.

Many of these rules are irrational, moralistic, prejudiced, paternalistic, subjective, stupid, unnecessary or malicious. Some laws creates crime where there is no victim. Some are outdated. Some are simply wrong.

In a total surveillance society this abundance of rules will lead to a situation where each and every one of us might be investigated, “corrected” and / or punished. Especially people in opposition, those who don’t fit in a “one size fits all” society and those who would like to live a free life (taking responsibility for their own actions). If people in power and their functionaries think that you are annoying — there will always be a reason for them to make an example of you, as a warning to others.

For a Big Brother society to be at all tolerable to live in — it must be open minded, tolerant and liberal. It must have fewer intrusive rules and more freedom.

But that is not the direction society is going, is it?

Today we live in a society where every day, we are under more surveillance, subject to more intrusive rules and under stricter control. That is a very toxic mix.

/ HAX

0

EU: No new directive on data retention. But…

According to Reuters there will be no new EU directive on data retention — after the European Court of Justice (ECJ) last year declared the existing one to be in breach with human rights.

“On the data retention directive, the European Commission does not plan to present a new legislative initiative,” Dimitris Avramopoulos told a news conference in Brussels.

This is good news. No directive, no mandatory data retention in EU member states. But to fully understand the Commission statement you will need to know how the EU is working, under the hood.

Clearly, with the ECJ verdict a new directive would run into difficulties in the European Parliament. And it would, for sure, be challenged at the ECJ again.

But with no new directive, data retention will be a concern for member states. Meaning that countries who want to continue data retention can claim that their model is special and not in breach with the ECJ ruling and / or the human rights charter.

To sum it up: No new directive will not result in a ban on data retention. It will only move the issue to the respective national level. So the matter of data retention is in no way settled. 

Reuters: EU executive plans no new data retention law »

/ HAX

1

Why privacy matters

Privacy is the bedrock of individual freedom. It is a universal right that sustains the freedoms of expression and association. These principles enable inquiry, dialogue, and creation and are central to Wikimedia’s vision of empowering everyone to share in the sum of all human knowledge. When they are endangered, our mission is threatened. If people look over their shoulders before searching, pause before contributing to controversial articles, or refrain from sharing verifiable but unpopular information, Wikimedia and the world are poorer for it.

Wikimedia about their lawsuit against NSA and the US Department of Justice – to challenge mass surveillance.

Links:
Wikimedia v. NSA: Wikimedia Foundation files suit against NSA to challenge upstream mass surveillance »
Stop Spying on Wikipedia Users »

0

Member states undermining EU data protection reform

EDRi reports on the EU data protection reform

Leaked documents from the Council
According to the leaked proposals, crucial privacy protections have been drastically undermined, including the right to be asked for consent, the right to know how your data are used and the right to object to your data being used, minimum standards of behaviour for companies exploiting individuals’ data. In several places, the text would not likely pass judicial scrutiny under Europe’s human rights framework.

It has been expected that the Council (EU member states) would be trying to undermine the EU data protection package. And now we have it in writing.

As usual when the Council is trying to bully other EU institutions, it probably will try to short-circuit a thorough and reflective democratic process — by rushing it through a trialouge, leading to a compromise in a “first reading agreement”.

Read more at EDRi: Leaked documents: European data protection reform is badly broken »

/ HAX

0

The EU and a global ban on encryption

Will encryption become illegal? Will governments demand “golden keys” to commonly used encryption? If governments will go after encryption, will they make a difference between encryption used in Internet “base traffic” and encryption used by people to protect their mail and hard drives? What about apps? Nobody seems to know. All we do know is that governments would like to have access to all our communications.

Even if they have tried to keep it under wraps EU member states would like to circumvent encryption. In a leaked dokument from the informal meeting with EU justice and home affairs ministers the other week (PDF), we have it in writing…

“Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys). “

So, we pretty much know what the EU stance will be at the Global Security Summit, in the US nest week.

Interestingly, the European Parliament seems to have an opposite position. In its resolution on mass surveillance of March 2014, the Parliament states that…

[The EP] calls on the Commission to […] ensure a high level of security of telecommunication networks and services, including by way of requiring state-of-the-art end-to-end encryption of communications.

[The EP] calls for the EU to take the lead in […] rerouting of Internet traffic or full end-to-end encryption of all Internet traffic so as to avoid the current risks associated with unnecessary routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy.

[The EP] calls for the promotion of … encrypting communication in general, including email and SMS communication.

Apparently the European Parliament takes a very different stand, compared to EU member states.

And the Council of Europe (a parlament-like assembly with representatives from most European countries, including non-EU states) makes its position clear in a report…

“The assembly is deeply worried about threats to internet security by the practice of certain intelligence agencies […] of seeking out systematically, using and even creating “back doors” […] which could easily be exploited also by terrorists and cyber-terrorists or other criminals. […] The creation of “back doors” or any other techniques to weaken or circumvent security measures or exploit their existing weaknesses should be strictly prohibited.”

Again, this is a clear standpoint, the very opposite to that of EU member states.

To continue, we have a study from the European Parliament’s Science and Technology Options Assessment unit stating…

“The only way for citizens to counteract surveillance and prevent breach of privacy consists in guaranteeing uncorrupted end-to-end encryption of content and transport channel in all their communications.”

“The EU should invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness … providing users with unbreakable cryptographic protection. … The EU should invest in making users aware […] how [they] can reduce their digital footprint by following behavioural rules and applying encryption and anonymising principles.”

To put it simply: EU member states would love to have a ban on encryption or a “golden key”. Other relevant European institutions take an opposite standpoint — valuing and defending encryption.

But it will be the EU member states (and the EU Counter-Terrorism Coordinator) who are present at the Global Security Summit in Washington the coming week. And they will try to make their position global policy.

There is a way to get an encryption ban / golden key out of the summits agenda. That is to make this a public issue, to get the media involved and for people to speak out against this madness.

What we do right now will define our future.

/ HAX

Links:
• Not this again! Europe mustn’t backtrack on its support of encryption and rejection of surveillance »
• Next Week, World Leaders Will Meet to Talk About How Much They Hate Encryption »
• Council of the European Union (EU member states) PDF »
• Council of Europe (PDF) »
• UK Surveillance Consultation Suggests It Is End-Point Security, Not Encryption, That Cameron Wants To Subvert »
• In two weeks time, world leaders may decide to undermine encryption »

0