Archive | surveillance

EU: Parliament just came out in favour of Snowden, open-source, encryption, digital freedom and anonymity

Today, the European Parliament adopted a resolution called “Human rights and technology in third countries” (2014/2232(INI)).

This is just a resolution, not legislation, but very interesting nevertheless. The European Parliament…

3. Believes that the active complicity of certain EU Member States in the NSA’s mass surveillance of citizens and spying on political leaders, as revealed by Edward Snowden, has caused serious damage to the credibility of the EU’s human rights policy and has undermined global trust in the benefits of ICTs;

Shame on the Brits, French, Germans and Swedes. (And several others.)

6. Calls for the active development and dissemination of technologies that help protect human rights and facilitate people’s digital rights and freedoms as well as their security, and that promote best practices and appropriate legislative frameworks, while guaranteeing the security and integrity of personal data; urges, in particular, the EU and its Member States to promote the global use and development of open standards, and of free and open-source software and cryptographic technologies;

Nice. This is one we should remind the European Parliament about over and over again–when it tries to make decisions going in the other direction.

9. Urges the EU itself, and in particular the EEAS, to use encryption in its communications with human rights defenders, to avoid putting defenders at risk and to protect its own communications with outsiders from surveillance;

Welcome to the real world.

10. Calls on the EU to adopt free and open-source software, and to encourage other actors to do so, as such software provides for better security and for greater respect for human rights;

This is not the first time the EP makes such a statement. But real progress seems to be very slow.

14. Draws attention to the plight of whistleblowers and their supporters, including journalists, following their revelations of abusive surveillance practices in third countries; believes that such individuals should be considered human rights defenders and that, as such, they deserve the EU’s protection, as required under the EU Guidelines on Human Rights Defenders; reiterates its call on the Commission and the Member States to examine thoroughly the possibility of granting whistleblowers international protection from prosecution;

65. Calls for the scope for international protection of whistleblowers to be extended, and encourages the Member States to table laws to protect whistleblowers;

Very nice. But still, no EU member state is prepared to grant Edward Snowden refuge or asylum.

19. Calls for the inclusion of clauses in all agreements with third countries that refer explicitly to the need to promote, guarantee and respect digital freedoms, net neutrality, uncensored and unrestricted access to the internet, privacy rights and the protection of data;

So, if the EU-US Trade Agreement (TTIP) will include copyright enforcement threatening digital freedom and privacy–the EP will vote no?

We must be sure to make a note of that one. And the next…

20. Urges the EU to counter the criminalisation of human rights defenders’ use of encryption, censorship-bypassing and privacy tools, by refusing to limit the use of encryption within the EU, and to challenge third-country governments that level such charges against human rights defenders;

21. Urges the EU to counter the criminalisation of the use of encryption, anti-censorship and privacy tools by refusing to limit the use of encryption within the EU, and by challenging third-country governments that criminalise such tools;

61. Calls for each individual to be entitled to encryption, and for the conditions needed to allow encryption to be created; takes the view that controls should be a matter for the end user, who will need the skills required to carry out such controls properly;

62. Calls for the introduction of ‘end to end’ encryption standards as a matter of course for all communication services, so as to make it more difficult for governments, intelligence agencies and surveillance bodies to read content;

As far as I can understand, the European Parliament just came out strongly against a ban on encryption.

27. Considers mass surveillance that is not justified by a heightened risk of terrorist attacks and threats to be in violation of the principles of necessity and proportionality, and, therefore, a violation of human rights;

63. Emphasises the special responsibility of government intelligence services to build trust, and calls for an end to mass surveillance; considers that the monitoring of European citizens through domestic and foreign intelligence services must be addressed and stopped;

So, what about EU member states continuing data retention?

40. Calls for the development of policies to regulate the sales of zero-day exploits and vulnerabilities to avoid their being used for cyber-attacks, or for unauthorised access to devices leading to human rights violations, without such regulations having a meaningful impact on academic and otherwise bona fide security research;

In your face, NSA…

45. Condemns the weakening and undermining of encryption protocols and products, particularly by intelligence services seeking to intercept encrypted communications;

…and the GCHQ.

46. Warns against the privatisation of law enforcement through internet companies and ISPs;

This ought to be seen as a clear warning not to go down that road in the TTIP.

49. Calls explicitly for the promotion of tools enabling the anonymous and/or pseudonymous use of the internet, and challenges the one-sided view that such tools serve only to allow criminal activities, and not to empower human rights activists beyond and within the EU;

Actually, I’m overwhelmed. But then again, this is not legislation.

However, all of the above can be very useful as a reminder when the EU Commission and Council try to get the Parliament to do the opposite. Or when the Parliament suddenly goes bananas on its own. (It frequently does. It surely will happen again very soon.)

The text as PDF »

/ HAX


Mass surveillance creates a suspicious society

Society is getting more and more complex. The number of rules and laws is enormous, beyond the point where you reasonably can be expected to have a grasp of what you may and may not do. And far from all rules are reasonable or intuitive. There are laws based on very subjective moral grounds, laws that create crimes without victims and laws that are there for no apparent reason at all.

Most likely most of us are unknowingly breaking some laws every day. (And some knowingly.)

And where you have rules, you always have smug and self-righteous people acting as some sort of sentinels — telling others how to behave and ratting on people.

This happens in all sorts of groups and societies. But it has been especially noticeable in authoritarian societies. Ratting on others is perceived to prove to people in power that you are on their side — and it shifts focus away from looking closer at you and your behaviour. Sadly, this is a rather rational behaviour under certain circumstances.

So, what happens when you add mass surveillance to the equation? Everyone has something to hide. And when the authorities are able to scrutinise the lives, communications and actions of everybody — there are even stronger incentives for people to sell out others (for the same reasons as mentioned above).

Mass surveillance creates a suspicious society, where you cannot trust other people.

It’s easy for governments to exploit the public’s fear of terrorism and crime — and rather difficult to get people to understand the dangers of a society where trust between people is being eroded.

/ HAX


Enemies of the State, unite!

Have you noticed that they kill people based on meta data? Not in the US and Europe. But people far away. With drones, the targets selected from, among other things, meta data from telecommunications.

So… what phone calls did you make yesterday? Last week?

They can. They do. Maybe not where you live. But it is only a matter of time.

But you have nothing to hide — and for that reason nothing to fear, right? (Really? Nothing?)

First of all, it may be up to a machine to decide on that. Without involvement of human reason. Don’t your communication patterns appear to be a little… odd?

Frankly, everyone’s communication patterns look odd — if you look into them in detail and add this to information from other social charts. You almost certainly are only a few common friends away from some seriously bad people. (Phone books are gold mines for people who draw lines between the dots.)

And there are plenty of laws around to make something stick to you. You don’t have to be guilty. But legal trouble can incapacitate you for years and drain all your money away. (The wars on terrorism, drugs and “piracy” can be very useful for the government, in this regard.)

In the US, apparently the Obama administration uses the IRS to make life hell for anti-Obama activists. (Link») Captivating.

But it doesn’t have to be party political. You can become an Enemy of the State just by telling the people what their governments and officials really are up to. (Manning, Assange, Snowden, Brown & Co.)

This perverted system is already connected to the killing machines. I sure hope all our leaders are wise, honest and fair people. Always.

/ HAX


The secret police state: More lies ahead…

So, the German Intelligence Service (BND) lied to Parliament and the democratic oversight body about its cooperation with the NSA. And the NSA has lied to the US Congress about mass surveillance. In Sweden the surveillance institution, the FRA, has lied to Parliament about (possibly illegal) IT-attacks carried out together with the British GCHQ and the NSA. And in the European Parliament hearings on mass surveillance several prominent European surveillance and intelligence bodies declined to participate…

Can we trust the Intelligence Community? Seriously. It ought to be under some sort of democratic control or oversight.

There is a view that our elected representatives are powerless against the intelligence organisations — simply because the latter know too much about the former. If that is true, we have some serious problems. In that case democracy has been overridden.

But it doesn’t have to be that bad. It could be a matter of sheer political incompetence. (The politicians do not know what questions to ask, as they do not know what they do not know. And there is a thin line between telling lies and not telling the whole truth.)

It can also be the case that some things, politicians do not want to know.

OK, the intelligence community is supposed to keep us all safe, right? And politicians are not known for keeping that kind of secret. Maybe it’s better not to let the people’s elected representatives in on everything? Who knows, they might be spies? Or some sort of collaborators? Or they might just fuck things up. (Hanlon’s razor: Never attribute to malice that which is adequately explained by stupidity.)

Well… No.

In a democracy, power emanates from the people. The intelligence bodies are branches of government, which should defend the democratic system and carry out the tasks presented to them by our democratically elected representatives. Frankly, it’s up to the people. If we elect unreliable, psychotic maniacs — that is what our different branches of government have to work with. Sorry to say. But to countermand general elections would be nothing less than a coup d’état.

However, I’m not sure that is how the intelligence community perceives things.

This is a complete mess, isn’t it? A minefield.

My personal favourite theory is that most western intelligence organisations feel that they have more in common with each other than with their respective governments (and parliaments). Many screw-ups could be explained by this theory. And it’s not that far-fetched. They know things. (At least they think they do.) They share sensitive information. They do things together. And sometimes shit happens. (To get a grip of this theory, I would recommend you to turn to John le Carré’s all too realistic novel A Most Wanted Man. And it’s very possible that reality outmatches fiction.)

So? I guess we need our intelligence services. Even if they sometimes get out of control and do stupid, silly or outright dangerous stuff. The only way I can think of to handle this is to elect better politicians. That, however, is not as easy as it sounds.

Until then: More lies ahead…

/ HAX


UK to escalate the war on encryption

The announced UK Investigatory Powers Bill is said to “force some of the world’s biggest internet companies including Google, Apple and Facebook to hand over encrypted messages from terror suspects”. (The Telegraph »)

To be fair, it should be pointed out that this specific part of the bill is said to be limited to “suspects under investigation”. So it’s not about blanket mass surveillance. But I’m sure that is being covered in other parts of the same bill, said to…

…“address ongoing capability gaps” that are hindering the ability of the security services to fight terrorism and other serious crime. (…)

A Home Office spokesman said the bill was a “landmark piece of legislation to cover the whole investigatory powers landscape in modern communications”.

I guess it’s going to be pretty bad. But back to the encryption issue. Ars Technica points out that…

In the face of these demands, some companies might decide to re-design their systems such that it would be impossible for them to break the encryption even if required to do so by law. This facility is already available from companies offering peer-to-peer encryption. If the UK government goes ahead with this plan, we are likely to see this approach being adopted by more communications providers and messaging apps, which would undermine the effectiveness of the proposed law.

So, the effect of far reaching legislation might actually be that it will be harder for authorities to obtain the information they want. Even in legitimate cases.

In the UK, you can be put in prison if you don’t surrender your encryption key to the authorities. But that isn’t much use when it comes to covert surveillance, is it?

With P2P encryption you can legislate as much as you want. It will not work.

This leaves the UK government with one option: to demand that all P2P encryption – somehow – be corrupted by back doors.

That would be a terrible idea. And if at all possible, it would only work with big, commonly used communication apps and systems. I cannot see how anything other than traditional and time-consuming code breaking could be used against open source encryption software in P2P communications.

The only option left for the UK government might be to make such encryption illegal. And trust me, this is an option that will be taken under consideration…

The war on encryption is now entering the madcap phase.

/ HAX

The Telegraph: Google and Whatsapp will be forced to hand messages to MI5 »
Ars Technica: New UK law would give government access to encrypted Internet messaging apps »
Ars Technica: The new war on encryption is based on a lie »


Queen’s Speech and Big Brother

The BBC sums up the Queen’s Speech from today’s opening of the British Parliament. Here is what to expect when it comes to Big Brother-related bills…

Extremism Bill

This includes measures to tackle broadcasting of extremist material. The government wants to strengthen watchdog Ofcom so that it can take action against channels that transmit extremist content. The legislation will also propose the introduction of banning orders for extremist organisations who use hate speech in public places, but whose activities fall short of proscription. A new power to allow police and local authorities to close down premises used to support extremism will also feature. And employers will be able to check whether an individual is an extremist and bar them from working with children.

Investigatory Powers Bill

“New legislation will modernise the law on communications data,” the speech said. An Investigatory Powers Bill will revive plans to give intelligence agencies new tools to target communications data – branded a “snooper’s charter” by critics. The government says it will equip the police intelligence agencies with the tools to keep people safe.

…and what is not in the Queen’s Speech?

Although it appears in the Queen’s Speech, there is no legislation, either in full or draft form, on a British Bill of Rights. Instead, ministers will consult on the pros of replacing the Human Rights Act with a new legal framework of rights and responsibilities.

Read more at BBC Queen’s Speech 2015: Bill-by-bill »


Is the NSA to shut down bulk surveillance programs? Maybe not.

The NSA bulk surveillance program is hanging by a thread — as the controversial Patriot Act expires and as the US Senate did not manage to adopt a replacement bill (the USA Freedom Act) before its week-long recess.

The Associated Press reports…

“In a chaotic scene during the wee hours of Saturday, Senate Republicans blocked a bill known as the USA Freedom Act, which would have ended the NSA’s bulk collection but preserved its ability to search the records held by the phone companies on a case-by-case basis. The bill was backed by President Barack Obama, House Republicans and the nation’s top law enforcement and intelligence officials.”

There will be an emergency session scheduled for Sunday, May 31st.

This is a cliffhanger. But even if the replacement bill is adopted, bulk mass surveillance will not end. It will only change form.

The USA Freedom Act obliges telecoms meta data to be kept by the phone companies. This is the same model as in the EU Data Retention Directive. Even though this directive has been invalidated by the European Court of Justice for breaching human rights, it is already implemented in most EU member states.

In many EU countries authorities use data retention on a massive scale and in a rather indiscriminate way. There are even attempts to give the police direct online access to meta data held by the telecoms, in some countries.

So even if the Freedom Act might be adopted it will not be the end of bulk collection of telecoms data in the US. It will not be as bad as the Patriot Act, but still it will be pretty bad.

However, it will be interesting to see what happens if the Freedom Act is not adopted before the Patriot Act expires. In that case the NSA might have to shut down parts of their operation. At least for some time. (For all the public is allowed to know…)

• NSA is getting ready to shut down bulk surveillance programs in response to failed Senate vote »
• NSA winds down once-secret phone-records collection program »

Update: Julian Assange: Despite Congressional Standoff, NSA Has Secret Authority to Continue Spying Unabated »

/ HAX
