“A judicial advisory panel Monday quietly approved a rule change that will broaden the FBI’s hacking authority despite fears raised by Google that the amended language represents a “monumental” constitutional concern.”
Archive | surveillance
EU: No new directive on data retention. But…
According to Reuters there will be no new EU directive on data retention — after the European Court of Justice (ECJ) last year declared the existing one to be in breach with human rights.
“On the data retention directive, the European Commission does not plan to present a new legislative initiative,” Dimitris Avramopoulos told a news conference in Brussels.
This is good news. No directive, no mandatory data retention in EU member states. But to fully understand the Commission statement you will need to know how the EU is working, under the hood.
Clearly, with the ECJ verdict a new directive would run into difficulties in the European Parliament. And it would, for sure, be challenged at the ECJ again.
But with no new directive, data retention will be a concern for member states. Meaning that countries who want to continue data retention can claim that their model is special and not in breach with the ECJ ruling and / or the human rights charter.
To sum it up: No new directive will not result in a ban on data retention. It will only move the issue to the respective national level. So the matter of data retention is in no way settled.
Reuters: EU executive plans no new data retention law »
/ HAX
Why privacy matters
By HAX on March 12, 2015 in Big Brother, Democracy, Freedom of Speech, NSA & Snowden, Privacy, surveillance
Privacy is the bedrock of individual freedom. It is a universal right that sustains the freedoms of expression and association. These principles enable inquiry, dialogue, and creation and are central to Wikimedia’s vision of empowering everyone to share in the sum of all human knowledge. When they are endangered, our mission is threatened. If people look over their shoulders before searching, pause before contributing to controversial articles, or refrain from sharing verifiable but unpopular information, Wikimedia and the world are poorer for it.
Wikimedia about their lawsuit against NSA and the US Department of Justice – to challenge mass surveillance.
Links:
Wikimedia v. NSA: Wikimedia Foundation files suit against NSA to challenge upstream mass surveillance »
Stop Spying on Wikipedia Users »
Greenwald meets Bernstein: From Watergate to Snowden
Glenn Greenwald and Carl Bernstein in a discussion with Fredrik Laurin, head of investigative journalism, Swedish Radio.
The EU and a global ban on encryption
By HAX on February 15, 2015 in Cryptography, Data Protection, Democracy, EU, Global Politics, Internet, Privacy, surveillance, US
Will encryption become illegal? Will governments demand “golden keys” to commonly used encryption? If governments will go after encryption, will they make a difference between encryption used in Internet “base traffic” and encryption used by people to protect their mail and hard drives? What about apps? Nobody seems to know. All we do know is that governments would like to have access to all our communications.
Even if they have tried to keep it under wraps EU member states would like to circumvent encryption. In a leaked dokument from the informal meeting with EU justice and home affairs ministers the other week (PDF), we have it in writing…
“Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys). “
So, we pretty much know what the EU stance will be at the Global Security Summit, in the US nest week.
Interestingly, the European Parliament seems to have an opposite position. In its resolution on mass surveillance of March 2014, the Parliament states that…
[The EP] calls on the Commission to […] ensure a high level of security of telecommunication networks and services, including by way of requiring state-of-the-art end-to-end encryption of communications.
[The EP] calls for the EU to take the lead in […] rerouting of Internet traffic or full end-to-end encryption of all Internet traffic so as to avoid the current risks associated with unnecessary routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy.
[The EP] calls for the promotion of … encrypting communication in general, including email and SMS communication.
Apparently the European Parliament takes a very different stand, compared to EU member states.
And the Council of Europe (a parlament-like assembly with representatives from most European countries, including non-EU states) makes its position clear in a report…
“The assembly is deeply worried about threats to internet security by the practice of certain intelligence agencies […] of seeking out systematically, using and even creating “back doors” […] which could easily be exploited also by terrorists and cyber-terrorists or other criminals. […] The creation of “back doors” or any other techniques to weaken or circumvent security measures or exploit their existing weaknesses should be strictly prohibited.”
Again, this is a clear standpoint, the very opposite to that of EU member states.
To continue, we have a study from the European Parliament’s Science and Technology Options Assessment unit stating…
“The only way for citizens to counteract surveillance and prevent breach of privacy consists in guaranteeing uncorrupted end-to-end encryption of content and transport channel in all their communications.”
“The EU should invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness … providing users with unbreakable cryptographic protection. … The EU should invest in making users aware […] how [they] can reduce their digital footprint by following behavioural rules and applying encryption and anonymising principles.”
To put it simply: EU member states would love to have a ban on encryption or a “golden key”. Other relevant European institutions take an opposite standpoint — valuing and defending encryption.
But it will be the EU member states (and the EU Counter-Terrorism Coordinator) who are present at the Global Security Summit in Washington the coming week. And they will try to make their position global policy.
There is a way to get an encryption ban / golden key out of the summits agenda. That is to make this a public issue, to get the media involved and for people to speak out against this madness.
What we do right now will define our future.
/ HAX
Links:
• Not this again! Europe mustn’t backtrack on its support of encryption and rejection of surveillance »
• Next Week, World Leaders Will Meet to Talk About How Much They Hate Encryption »
• Council of the European Union (EU member states) PDF »
• Council of Europe (PDF) »
• UK Surveillance Consultation Suggests It Is End-Point Security, Not Encryption, That Cameron Wants To Subvert »
• In two weeks time, world leaders may decide to undermine encryption »
The real impact of surveillance
Job-seekers under surveillance can lose income needed to survive if their online activity fails to match up to job search demands. People interested in campaigning hestiate over getting involved with movements for social justice when the police count activism as akin to domestic terrorism.
It’s clear that surveillance affects a broad group of people, with real painful consequences for their lives. We’ve seen journalists being monitored, lawyers having their client confidentiality broken, victims of police misconduct being spied on and environmental campaigns infiltrated. These people are not criminals, and yet when we have a system of mass surveillance, they become targets for increasingly intrusive powers.
We also know that state surveillance stigmatises certain groups of the population, it targets communities and networks. Innocent people who share similarities with suspects, (similar Skype chat user names, nearby places of worship, physical location) fall under intense scrutiny, like having their private web cam chats examined. Mass surveillance disproportionally affects marginalized groups and fosters mistrust.
Read more at Open Rights Group: The real impact of surveillance »
In two weeks time, world leaders may decide to undermine encryption
By HAX on February 5, 2015 in Big Brother, Big Government, Cryptography, EU, Privacy, surveillance, Uncategorized, US, War on Terror
There are telltale signs that the US administration will move against encryption. The latest comes from Bob Litt, the General Counsel for the Office of the US Director of National Intelligence (ODNI).
In a speech this week he echoed the demand that government should be allowed access to all our information. Among other things, he touched on the idea of a magical golden key.
I’m not a cryptographer, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.
Even if this is not a ban on encryption, it is very serious. Mike Masnick at Techdirt explains…
I’m not sure how many times in how many different ways this needs to be explained, but what they’re asking for is a fantasy. You cannot put a backdoor in encryption and create a magic rule that says “only the government can use this in lawful situations.” That’s just not how it works. At all. The very idea of decryption by a third party “compromises the integrity of the encryption technology,” almost by definition.
But I’m not sure this will be considered as a valid argument by our ignorant politicians.
It would make little sense for the US to go for a “magical golden key” on its own. Likely other members of the NSA Five Eyes group (UK, Canada, Australia and New Zeeland) will do the same.
And the EU? Europe normally follows the US in these matters. There will be an Global Security Summit in Washington later this month. And there are reasons to believe that also politicians in most EU member states would like to give their authorities the ability to circumvent encryption.
As EU member state ministers for justice and home affairs made their last meeting (in Riga) an informal one, this topic might very well have been up for discussion. (But the public is not allowed to know exactly what went on.) This is exactly what you might expect — and exactly the kind of thing the Council would keep under wraps, to avoid debate and protests until it’s too late. And the timing is just right.
The way the world is right now (Ukraine, IS and potential monetary crises) it should be no problem for world leaders to package the whole thing as “emergency legislation”.
The European Parliament will object, no doubt. But it will be sidestepped. All EU member states have to do is to agree to make this national legislation in all (or most) member states.
As a matter of fact, the EU has no formal competence when it comes to national security matters. So it will have to be a multilateral arrangement.
All the European Parliament can do is to try to protect human and civil rights in a wider sense. But that will probably not go beyond a sharply formulated resolution.
The matter can be sent to the European Court of Justice (for breach of the EU Charter of Fundamental Rights) or the European Court of Human Rights (upholding the European Convention on Human Rights). But in both cases a court process may drag out for years.
In this matter, politicians can do almost as they want. And they will not fail to make use of current world events as an excuse. (Never waste a good crisis.) The only thing that might stop them is general outcry — on a massive scale.
Soon we will know. All eyes on the Global Security Summit in the US on February 18.
/ HAX
AJE: The Jason Moon interview
By HAX on February 1, 2015 in Big Brother, Cryptography, Democracy, Hacktivism, Internet, NSA & Snowden, surveillance, War on Terror
Here is a sobering interview, made by Al Jazeera English with hacker Jason Moon.
Among other things he talks about the new imbalance between data mining and old fashion intelligence work–making us all less secure.
Hacking politics
By HAX on January 27, 2015 in Big Government, Copyright, Data Protection, Democracy, EU, Hacktivism, Intellectual Property, Internet, Privacy, surveillance
A free and open internet, copyright reform, mass surveillance, data protection and civil rights are all issues where the rules are decided in politics. But politics is not always a fair and open democratic process. And change do not always has to be initiated from within the traditional political system.
Former Pirate Party member of the European Parliament (MEP) Amelia Andersdotter this weekend delivered a piece over at TorrentFreak: Pirate Party MEP Fails to Deliver True Copyright Reform »
Here she criticises newly elected German Pirate MEP Julia Reda for her report on EU copyright reform. Andersdotter writes “De facto, Julia Reda is more conservative than the European Commission, and this is a massive problem for representative democracy.”
In defence of Reda, one could say that she has written a report (not legislation) that the European Parliament might be able to accept. This report, written by some other MEP, probably would have been right out damaging. Reda has picked the fights she might be able to win.
But that still leave us with the problem that there might be no real copyright reform in the EU, if left to the EU institutions. Which brings me back to my thesis that you need external pressure in combination with inside political initiatives to change things. To get toothpaste out, you have to apply pressure to both sides of the tube.
I have worked with internet related issues inside the European Parliament. Before that I was an activist outside the EU institutions. Frankly I cannot say when I had the best possibility to influence, to change things. Inside you have resources, not available to activists. But outside you are a voice from reality, of the people–that most politicians will have difficulties to ignore. (Especially if you manage to involve the media.)
Inside the political system you have a choice between different strategies.
You can burry yourself in details. That ought to be a reasonable approach. But in reality you will find yourself in a never ending flood of paper. To do this you need vast resources when it comes to time, manpower and expertise.
The other inside strategy is simply being there. To offer others your perspective, to ask the hard questions, to lead media in the right direction, to be a visionary and a crusader with a cause. For small political organisations, with small resources–this might be the easier way to go.
One, two, twenty or no internet friendly MEP:s or MP:s–most of us will still be outside the parliamentary and political system. But we can make a difference. We are the ones who shape public opinion. We are civil society. We can make politicians jump. To do so, we just have to take action.
/ HAX
Links:
Pirate Party MEP Fails to Deliver True Copyright Reform »
Christian Engström: Political Activism (Pirate Visions) »
Riga Council meeting: EU to step up War on Terror
UK Prime Minister David Cameron as well as EU Counter-Terrorism Coordinator Gilles de Kerchove have floated the idea that governments should be able to access all our communications–including encrypted information.
This would not only have privacy implications. The practical effects and problems would be monumental.
A ban on encryption is only one of many ideas and suggestions that will be on the agenda at the EU justice and home affairs ministers meeting in Riga next week.
Next week’s EU ministerial meeting will be an informal one behind closed doors, where no formal decisions will be made. The ministers will discuss broadly how to implement all the counter terrorism measures that have been discussed in the last month, the Commission official said, adding that in addition to De Kerchove’s advice, ministers will also take into account suggestions made by the Commission and EU member states.
The fact that this is an “informal” meeting is cause for vigilance. This way the ministers can initiate projects and proposals under the radar.
Closed doors will also be a perfect opportunity for them to discuss how to “harmonize” EU and U.S. antiterror legislation. (In preparation for the EU and U.S. security summit in February.)
All eyes on Riga, next Thursday.
/ HAX