Archive | Rule of law

What to learn from the Abdesalam fiasco

Surveillance should only be directed against people who are suspected of (or to commit) serious crimes.

Mass surveillance – of everyone – only creates a bigger haystack, more false positives, and hamper police and intelligence authorities in their efforts to identify real threats.

Take the Abdesalam brothers in the Paris attacks as an example…

Both were known to Belgian authorities; both were suspected to prepare “an irreversible act”. For years.

This is a case of sloppiness, lacking resources and being Belgian.

Belgium might be a dysfunctional mess, but the problem is the same in other countries. The more mass surveillance data, the more police officers gazing at computer screens – the less security and safety.

Authorities all over would need to get serious, pretty quickly. There is no room for public sector inefficiency when it comes to fighting terrorism. There is no room for incompetence and idleness.

And there are no (valid and publicly acceptable) reasons to replace human intelligence with mass surveillance of the entire population.

The Americans might do it. The Russians and Chinese also do it, for sure. But that is no reason that Europe should. This is exactly what makes our liberal democracy so special. In Europe, we trust ordinary and law-abiding people enough to keep out of their private lives.

The Paris attacks were very real, sad and terrifying. The Abdesalm brothers are very real terrorists. This reality underlines that we need other methods to protect us from danger rather than mass surveillance and data retention. We need wise and competent people, knowing what they are doing. If there are any.

/ HAX

• Link: Belgian police knew since 2014 that Abdeslam brothers planned ‘irreversible act’ »

0

Germany, Snowden and Russia

Last Friday German magazine Focus ran an interview with the country’s two top spies — Gerhard Schindler, of the Bundesnachrichtendienstes (BND) and Hans-Georg Maaßen, of the Bundesamtes für Verfassungsschutz (BfV).

In short, they are annoyed that Edward Snowdens exposure of NSA mass surveillance puts Germany and the UK in an uncomfortable spot. They even implied that Snowden could have been acting under the influence of the Russian government.

“Leaking the secret service files is an attempt to drive a wedge between western Europe and the USA – the biggest since the Second World War,” Hans-Georg Maaßen, head of Germany’s domestic intelligence agency (Verfassungsschutz), told Focus in the double interview.

The translation above from The Local.de. This has gained some attention in the media and Western military circles. So, let’s take a step back and try to look at the wider picture.

Yes, it is a problem that very little is known about mass surveillance carried out by e.g. Russia and China. But you cannot blame Snowden for this. He worked for a contractor to the NSA and leaked what he found to be unacceptable violations of civil rights. Furthermore, the NSA is an intelligence organisation in a democratic country; that should be held responsible under the rule of law. It is not a level playing field. But our western democracies are better than authoritarian and totalitarian states – and our authorities should be held accountable according to a higher standard. Especially when they spy on their own citizens.

Yes, it is a problem that Edward Snowden is stranded in Russia. But that does not make him a Russian spy or mouthpiece. The reason he is in Moscow is: 1) When he arrived there for transit, the US had revoked his passport. 2) No western democracy is willing to grant Snowden asylum. If German authorities are willing to grant him shelter and protection – he can be in Berlin pretty quickly, where a parliamentary inquiry would love to meet with him. (However, I don’t think German intelligence services are all too keen about that prospect.)

And naturally Germany and the UK are being criticized. They deserve to. German intelligence has been spying on companies, businesspeople, and political figures in Germany and allied European nations on behalf of the NSA. And they have lied about it in front of German parliamentarians. In similar ways, the British GHCQ have been acting far beyond its mandate. Both countries are close allies with the US and both countries intelligence authorities have a close cooperation with the American NSA. So, it is not the least strange that German BND has come under scrutiny. But they can blame no one but them selves.

But OK, no one can tell for sure if Snowden is a (knowing or unknowing, willing or unwilling) Russian spy. But that does not alter the fact that his revelations have huge implications for how our democratic societies are run. It is extremely important that this information has come to the public’s knowledge. To defend a free and open society, we must stick to democratic principles, rules, and legal frameworks.

The best, easiest and most decent thing would be to grant Edward Snowden asylum in Germany – and let him testify in front of relevant parliament committees. But I guess that will never happen.

/ HAX

• The Local.de: German spies imply Snowden leaked files for Russia »
• Focus: Doppel-Interview mit Gerhard Schindler und Hans-Georg Maaßen: Kreml versucht den deutschen Bundestag zu infiltrieren – Russen treiben mit Hilfe des Whistleblowers Snowden einen Keil zwischen Westeuropa und den USA »

0

A European FBI? Really?

Somewhere on the Internet, someone wrote “The purpose of terrorism is to provoke the target government into curtailing civil liberties, so more people become radicalized.”

Close enough. Google “the purpose of terrorism”. The Internets is full of thought-provoking discussion about what the fuck is going on. Or at least, opinions about it.

Terrorism is a wide specter, in many ways. Now, we are waiting to find out how governments are going to react to the Brussels attacks. They will. They have to. That is what politicians do. But… how should they react?

It happens to be that national governments are catastrophically bad at sharing information with each other. At least, when it comes to information that might be a bit sensitive. They simply cannot let everyone else in on everything. They will not do that.

And the EU can do nothing. (I’m not saying that the EU should, absolutely not – but it is noteworthy that it can not. National security is strictly national competence. That’s the rule.)

So there is this bold idea floating around: A European FBI.

In other words, a federal and centralized European police. All information would belong to an EU institution in some Belgian suburb. It would have its nose in everything. Like they say in American crimis… “Oh, shit. The Feds are here.”

Newer the less, it would be a radical way to get all of the European police in line, I guess. And think about all the money they can save by having a common European police uniform.

On the one hand, it is obvious that someone must make national government’s security agencies share relevant information — about common enemies, at least.

On the other hand, who should handle this? Not the Commission itself, I hope. So, give it to Europol, they will say. And right there we also need to give Europol full operative authority in all EU member states.

Europol is the European Union’s law enforcement agency whose main goal is to help achieve a safer Europe for the benefit of all EU citizens. We do this by assisting the European Union’s Member States in their fight against serious international crime and terrorism.
— Europols boilerplate

Europol is largely a post-macho bureaucracy, with some support for member states in need to coordinate specific work and operations. But it’s not very operative in itself. (Europol didn’t even bother to look into the possibility that the NSA hacked the SWIFT bank transaction system, mentioned in the Snowden files. Not even after being asked about it by media and in the European Parliament.)

Should we put these people in charge of running European police? I’m not even sure that Europol would like to. They lack the ambition.

Maybe something… new! And there you have it: Europolice. The only police you will ever need.

Then anything can happen. There will be disasters like a centralized procurement process for toilet paper to all European police stations. There will be a federal authority running its own investigations parallel to local law enforcement. And federal crimes must be handled in a unified way across all of the EU — how do you make that happen?

There will have to be field offices in cities all over the continent, with a partly international crew.

Europolice: Keeper of all information. Online with all national records. Connected to the mass surveillance network. Bureaucracy with operative authority. A single point for failure. Under at best vague democratic oversight.

Are you really sure about doing this?

/ HAX

0

Internets imprisoned and fallen

I feel that I ought to pay tribute to Ian Murdock, father of Linux Debian, former Sun VP and Linux Foundation CTO. And I do, by linking to this piece at ArsTechnica, painting a much better picture than I ever could:

Ian Murdock, father of Debian, dead at 42 — Former Sun VP and Linux Foundation CTO died under suspicious circumstances »

As this, according to Murdock’s tweets appears to be a suicide and me not knowing anything much about the circumstances, my first thought was to leave it there. But the Internet led me on. Apparently there had been some confrontation with the police. (Murdock’s tweets ») And that is a red flag.

Back to Ars Technica:

On Monday at 2:13pm Eastern Time, Murdock apparently posted that he was going to kill himself:

» I’m committing suicide tonight…do not intervene as I have many stories to tell and do not want them to die with me #debian #runnerkrysty67 «

Also on Monday, Murdock wrote a string of posts that indicate he had a confrontation with police. Inquiries to the San Francisco Police Department by Ars went unanswered. Update: Public records indicate Murdock was arrested in San Francisco on December 27 and released on bail, but no details were available on the charges.

Of course, I know nothing about the circumstances. And I shouldn’t speculate. But the story of Aaron Swartz falls into one’s mind. He was a champion for a free and open internet, who actually managed to accomplish things and who stopped harmful political bills. He was prosecuted in a very strange federal case of possible copyright infringements and faced $1 million in fines and 35 years in prison. He declined a plea bargain and shortly after that he killed himself. (Also see the documentary: The Internet’s Own Boy The Story of Aaron Swartz ») There are some disturbing similarities with the Murdock case.

But it might just be similarities. And people do fall over the edge sometimes. But standing eye to eye with the judicial system and the police definitely can push someone over that edge. Trust me on that one.

Do you remember Michael Hastings, the successful investigative reporter? His car mysteriously ran into a palm tree and exploded in LA, shortly after he had told his associates that he was on to something big, once again. And his targets were usually the darker side of government and its functionaries.

Journalist and internet activist Barrett Brown clearly was pushed into a corner by the authorities, resulting in him currently spending 63 months in federal prison. It all happened when he was working on ProjectPM, investigating outsourcing of government intelligence operations to private contractors — and the inner workings of the cyber-military-industrial complex.

Chelsea Manning is spending 35 years in prison, basically for having exposed the truth about the government’s politics and actions to the public. This imprisonment is right out offensive.

Wikileaks editor in chief Julian Assange is confined to the Embassy of Ecuador in London, where his freedom of action is quite limited. This following a European Arrest Warrant after some rather vague accusations about sexual misconduct in Sweden. And NSA whistleblower Edward Snowden is stuck in Russia, after the US retracted his passport. In both these cases it’s about people who have made information public — that the people in a democracy ought to have the right to know about anyhow.

There is a disturbing pattern emerging. If you push the envelope too far, bad things happen to you.

No, I am not a conspiracy theorist. Clearly Brown, Manning, Assange and Snowden had it coming. Murdock and Swartz obviously were under harrowing pressure. And there is no hard evidence of foul play in the Hastings case, just strange circumstances. But still, it’s all very troublesome and sad.

Are journalists, internet activists and whistleblowers the imprisoned and fallen political dissidents of our time? Is the truth and a free flow of information really that dangerous to the Establishment? If so, what kind of a society is this?

Our thoughts are with Ian Murdock’s family and friends.

/ HAX

0

Citizens or serfs?

One way of looking at society is that it consists of free individuals – citizens – joined in a community. And in a democracy, the people elect a group of peers to manage a limited amount of things that are better handled together. But people are, in general, responsible for their own lives. This is a firm and sound bottom to top approach.

Then we have the opposite, the top to bottom point of view. Here politicians and bureaucrats are the nuclei of society. It is what they want that is important and they claim to have some sort of right to decide over other people. This ruling class can enforce its will with the help of its armed wing, the police. In this society, the people is totally subordinate to the state and its needs (and whims). This type of society is predisposed for central planning and control. And it is less resilient, as it will have many potential single points of failure.

Today’s modern western societies mainly fall into the latter category. We, the people are not free citizens — but serfs.

The concept of mass surveillance makes perfect “sense” from this perspective. You will have to control the people, supervising that it is doing what it has been told to do. And those in power often find it useful if the people fear the state, at least to some degree.

Meanwhile, governments are becoming less transparent. Ever more deals are struck behind closed doors. Democracy has become an empty excuse for rubber-stamping laws and rules that mainly benefit the system, those in power and their special interest friends.

Recently, the US took the top bottom approach to new extremes. The tax authorities, the IRS, now has the power to revoke people’s passports. If you owe taxes to the government, you can be prevented from leaving the country. What is this, if not serfdom?

The question is what to do about this development towards an ever more totalitarian society. Why are there no steadfast and reliable political forces trying to lead society right again? (Yes, I know. Libertarian political leadership is in so many ways a contradiction in terms. But what is the alternative?)

/ HAX

2

Mass surveillance makes us less safe

BanksyParis

Our thoughts are with the victims of the terror attacks in Paris.

But we should not allow ourselves to react in a thoughtless way. Terrorists want to impose fear –leading us away from a free, open and democratic society.

France already has one of the most intrusive regimes of mass surveillance in the western world. Apparently, this did not stop the terrorists.

Actually, it might very well be that mass surveillance makes us all less safe. The number of “false positives” makes serious police work more difficult. Dependence on electronic surveillance systems also directs resources away from old fashion police activites, intelligence operations, informed analysis and “HUMINT” (Human Intelligence).

Naturally, there is a place for advanced forms of electronic surveillance. But it should be focused on individuals and groups who are suspected to prepare for criminal activities. And to identify such targets, HUMINT is essential.

Time and time again it has been revealed that terrorists have been on the security services radar before striking. But the what, where and when is normally never communicated in ways that can be intercepted by mass surveillance. Here you need targeted surveillance, old-fashioned spies and qualified intelligence analysis. This is hard work, it takes time, it is costly and it can be dangerous. But it is what is effective to keep us reasonably safe from terrorism. (If at all possible.)

And given that the whole point of fighting terrorism is to defend our free, open and democratic society — it would be counter-productive to treat all citizens as potential terrorists and criminals. The people is not the problem.

/ HAX

1

EU: Parliament just came out in favour of Snowden, open-source, encryption, digital freedom and anonymity

Today, the European Parliament adopted a resolution called “Human rights and technology in third countries” (2014/2232(INI)).

This is just a resolution, not legislation, but very interesting nevertheless. The European Parliament…

3. Believes that the active complicity of certain EU Member States in the NSA’s mass surveillance of citizens and spying on political leaders, as revealed by Edward Snowden, has caused serious damage to the credibility of the EU’s human rights policy and has undermined global trust in the benefits of ICTs;

Shame on the Brits, French, Germans and Swedes. (And several others.)

6. Calls for the active development and dissemination of technologies that help protect human rights and facilitate people´s digital rights and freedoms as well as their security, and that promote best practices and appropriate legislative frameworks, while guaranteeing the security and integrity of personal data; urges, in particular, the EU and its Member States to promote the global use and development of open standards, and of free and open-source software and cryptographic technologies;

Nice. This is one we should remind the European Parliament about over and over again–when it tries to make decisions going in the other direction.

9. Urges the EU itself, and in particular the EEAS, to use encryption in its communications with human rights defenders, to avoid putting defenders at risk and to protect its own communications with outsiders from surveillance;

Welcome to the real world.

10. Calls on the EU to adopt free and open-source software, and to encourage other actors to do so, as such software provides for better security and for greater respect for human rights;

This is not the first time the EP makes such a statement. But real progress seems to be very slow.

14. Draws attention to the plight of whistleblowers and their supporters, including journalists, following their revelations of abusive surveillance practices in third countries; believes that such individuals should be considered human rights defenders and that, as such, they deserve the EU’s protection, as required under the EU Guidelines on Human Rights Defenders; reiterates its call on the Commission and the Member States to examine thoroughly the possibility of granting whistleblowers international protection from prosecution;

65. Calls for the scope for international protection of whistleblowers to be extended, and encourages the Member States to table laws to protect whistleblowers;

Very nice. But still, no EU member state is prepared to grant Edward Snowden refuge or asylum.

19. Calls for the inclusion of clauses in all agreements with third countries that refer explicitly to the need to promote, guarantee and respect digital freedoms, net neutrality, uncensored and unrestricted access to the internet, privacy rights and the protection of data;

So, if the EU-US Trade Agreement (TTIP) will include copyright enforcement threatening digital freedom and privacy–the EP will vote no?

We must be sure to make a note of that one. And the next…

20. Urges the EU to counter the criminalisation of human rights defenders’ use of encryption, censorship-bypassing and privacy tools, by refusing to limit the use of encryption within the EU, and to challenge third-country governments that level such charges against human rights defenders;

21. Urges the EU to counter the criminalisation of the use of encryption, anti-censorship and privacy tools by refusing to limit the use of encryption within the EU, and by challenging third-country governments that criminalise such tools;

61. Calls for each individual to be entitled to encryption, and for the conditions needed to allow encryption to be created; takes the view that controls should be a matter for the end user, who will need the skills required to carry out such controls properly;

62. Calls for the introduction of ‘end to end’ encryption standards as a matter of course for all communication services, so as to make it more difficult for governments, intelligence agencies and surveillance bodies to read content;

As far as I can understand, the European Parliament just came out strongly against a ban on encryption.

27. Considers mass surveillance that is not justified by a heightened risk of terrorist attacks and threats to be in violation of the principles of necessity and proportionality, and, therefore, a violation of human rights;

63. Emphasises the special responsibility of government intelligence services to build trust, and calls for an end to mass surveillance; considers that the monitoring of European citizens through domestic and foreign intelligence services must be addressed and stopped;

So, what’s about EU member states continuing data retention?

40. Calls for the development of policies to regulate the sales of zero-day exploits and vulnerabilities to avoid their being used for cyber-attacks, or for unauthorised access to devices leading to human rights violations, without such regulations having a meaningful impact on academic and otherwise bona fide security research;

In your face, NSA…

45. Condemns the weakening and undermining of encryption protocols and products, particularly by intelligence services seeking to intercept encrypted communications;

…and the GCHQ.

46. Warns against the privatisation of law enforcement through internet companies and ISPs;

This ought to be seen as a clear warning not to go down that road in the TTIP.

49. Calls explicitly for the promotion of tools enabling the anonymous and/or pseudonymous use of the internet, and challenges the one-sided view that such tools serve only to allow criminal activities, and not to empower human rights activists beyond and within the EU;

Actually, I’m overwhelmed. But then again, this is not legislation.

However all of the above can be very useful as a reminder when the EU Commission and Council tries to get the Parliament to do the opposite. Or when the Parliament suddenly goes bananas on its own. (It frequently does. It surely will happen again very soon.)

The text as PDF »

/ HAX

3

EU & mass surveillance: Business as usual

I took some time looking trough some of my Youtube-clips on the European Parliaments hearings om mass surveillance during the last legislature (2009-14).

It’s amazing. Everything was laid out in front of the MEP:s. But all the EP could come up with was some half-lame resolution (an opinion, not legislation). And thats it. The new parliament (2014-19) has so far done nothing to follow up on this.

You really should look trough this hearing, with the late Caspar Bowden. He served the MEP:s everything on a silver plate. (If you don’t have the time, give it at least ten minutes.)

Youtube »

Did they read the paper? Nah. Did they act on the information? Not really. Did they care? I don’t think so.

Today it’s business as usual. Nothing of substance has been done when it comes to the EU acting on US mass surveillance. The British and the French (and many others) have — if anything — learned from NSA, now collecting everything. NSA partners (such as the Swedish FRA) carries on as usual. And the European Commission has failed to act on the few recommendations the EP actually gave.

Somehow, I get the impression that our political leaders don’t care. Or don’t want to know. Or maybe… they are not on our side.

We really should elect better politicians.

/ HAX

0

Is the German government on Germanys side?

The news that the American spy organisation NSA has targeted the major German magazine Der Spiegel are serious and disturbing. But it is just the tip of the iceberg.

As it turns out the German government knew. But it did nothing to stop it. It didn’t report the issue to relevant democratic oversight bodies. And even worse — it lied about the matter to the German parliament.

To make things even worse it’s still unclear if the NSA obtained it’s information by spying on the newspaper, the Chancellors Office or the entire German political apparatus.

Der Spiegel writes…

“It remains unclear just who US intelligence originally had in its scopes. The question is also unlikely to be answered by the parliamentary investigative committee, because the US appears to have withheld this information from the Chancellery. Theoretically, at least, there are three possibilities: The Chancellery — at least in the person of Hans Josef Vorbeck. SPIEGEL journalists. Or blanket surveillance of Berlin’s entire government quarter. The NSA is capable of any of the three options. And it is important to note that each of these acts would represent a violation of German law.”

In Germany the constitution and the freedom of the press is taken seriously. What has been going on is in direct conflict with principles clearly laid out by the German Constitutional Court in Karlsruhe.

“If it is true that a foreign intelligence agency spied on journalists as they conducted their reporting in Germany and then informed the Chancellery about it, then these actions would place a huge question mark over the notion of a free press in this country. Germany’s highest court ruled in 2007 that press freedom is a “constituent part of a free and democratic order.” The court held that reporting can no longer be considered free if it entails a risk that journalists will be spied on during their reporting and that the federal government will be informed of the people they speak to.”

This affair is now snowballing, putting the Chancellors Office under serious pressure. In a special editors note, Der Spiegel notes…

“The fact that the press no longer has a special protected status and can be spied upon in the same way as corporations, associations or government ministries, lends a new quality to the spying scandal. That the press appears to have been betrayed by its own government is outrageous. For this reason, SPIEGEL decided this week to file a complaint with the Federal Prosecutor’s Office on suspicion of intelligence agency activity.”

It seems that the German intelligence services and the Chancellors Office have neglected both democratic and judicial requirements to keep good working relations with the Americans.

This leading up to a situation where leading German officials appears to have sided with US intelligence services — rather than with the German constitution, German law, the German parliament and the German people.

Read more: An Attack on Press Freedom: SPIEGEL Targeted by US Intelligence »

/ HAX

1

Bring mass surveillance back on the EU agenda

At springtime last year the European Parliament was conducting hearings om mass surveillance. In parts, it was rather thrilling and tense. The hearings ended with a resolution, where the MEP:s stated (in a rather vague way) that they are ill at ease with what is going on.

Formally, they could do nothing more — as national security does not fall under EU competence.

But informally, it was important that the peoples elected representatives tried to get to grips with what is going on.

Then came the European elections, a new parliament was elected and mass surveillance was not an issue on the agenda anymore.

It’s about time to bring some new life to this issue, on the EU level.

Even though the European Parliament cannot interfere with national security — it has the authority to make statements when it comes to human rights. (The right to privacy is considered to be a human right, according to binding european statues.)

And the European Commission (the only EU institution that can submit real proposals) is formally the “guardian of the treaties” — including the Charter of Fundamental Rights of the European Union and the European Convention on Human Rights.

Also, the European Court of Justice and the European Court of Human Rights can uphold our civil liberties, as stated in the documents above.

The problems with mass surveillance are still the same as a year ago. As a matter of fact new national laws in some EU member states have made things worse since then.

We need to figure out how to apply renewed pressure on our EU politicians when it comes to mass surveillance. And some judicial activism wouldn’t hurt either.

/ HAX

0