|
I don't know about you, but my profiles contain stuff that I'd rather the authorities didn't see.
|
|
|
| 28th June 2016
|
|
| See
article from federalregister.gov
|
The US authorities are set to add questions to immigration arrivals forms asking for IDs used on social media such as Facebook and Twitter. Reports suggest that it is supposedly voluntary to provide such information, but it wouldn't be difficult to drop
a few hints, that those not providing such info may not be granted entry, to make it more or less mandatory. A Notice by the U.S. Customs and Border Protection (CBP) on 06/23/2016 detailed the new question: CBP
Forms I-94 (Arrival/Departure Record) and I-94W (Nonimmigrant Visa Waiver Arrival/Departure Record) are used to document a traveler's admission into the United States. These forms are filled out by aliens and are used to collect information on
citizenship, residency, passport, and contact information. The data elements collected on these forms enable the Department of Homeland Security (DHS) to perform its mission related to the screening of alien visitors for potential risks to national
security and the determination of admissibility to the United States. Proposed Changes DHS proposes to add the following question to ESTA and to Form I-94W: Please enter information associated with your online presence -- Provider/Platform -- Social media identifier.
It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative
process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.
|
|
Now the US authorities are working on getting their own snooper's charter
|
|
|
| 23rd June 2016
|
|
| 8th June 2016 See article from
theguardian.com |
The latest surveillance battle gripping the technology industry is focused on a rewrite of US surveillance law that would mean the justice department would be able to access a citizen's web browsing history, location data and some email records without
approval from a judge using so-called national security letters (NSLs). The FBI contends that such data is covered implicitly under current statute, which was written years ago and only explicitly covers data normally associated with
telephone records. Director James Comey now is lobbying Congress to extend the current definition to include internet data. Technology companies including Google, Facebook and Yahoo have sent a letter warning Congress that they would oppose
any efforts to rewrite law in the FBI's favor. This expansion of the NSL statute has been characterized by some government officials as merely fixing a 'typo' in the law, the companies wrote: In reality,
however, it would dramatically expand the ability of the FBI to get sensitive information about users' online activities without court oversight.
Update: Censored whilst claiming to be uncensored 11th
June 2016. See article from theregister.co.uk
A sly attempt to grant the FBI warrantless access to people's browser histories in the US has been shot down by politicians. Unfortunately, the Electronic Communications Privacy Act (ECPA) Amendments Act of 2015, which would have brought in some
privacy safeguards for Americans, was cut down in the crossfire. The bill was halted because of an amendment tacked on by Senator John Cornyn on Tuesday that would allow the FBI to obtain someone's internet browsing history and the metadata of all
their internet use without a warrant. If Cornyn's amendment was passed, the Feds would simply have to issue a National Security Letter (NSL) to get the information. The bill's sponsors, Senators Patrick Leahy and Mike Lee, told a session of the
Senate Committee on the Judiciary that Cornyn's amendment had wrecked years of careful bipartisan negotiations and would seriously harm US citizens' privacy. As such, they weren't prepared to let the bill go forward. Update:
And again 23rd June 2016. See article from theregister.co.uk
The US Senate has struck down an amendment that would have allowed the FBI to track internet histories and communications without judicial oversight, but a re-vote could be called under Senate rules. The amendment to the Commerce, Justice,
Science, and Related Agencies Appropriations Act would have given the FBI the right to use National Security Letters (NSLs), which compel communications companies to hand over a customer's transactional records, including their browsing history,
time spent online, and email metadata, but not the content of messages. In addition, it would have made permanent a provision in the Patriot Act that would allow the same powers for those deemed to be individual terrorists to be treated as
agents of foreign powers, a measure aimed at tracking so-called lone wolf operators. It was introduced on Monday by Senators John McCain and Richard Burr. Senator John Cornyn has named the issue the FBI's top legislative priority and has
tabled a further amendment to allow similar powers to law enforcement. |
|
|
|
|
| 17th June 2016
|
|
|
The Olympics Are Turning Rio into a Military State See article from motherboard.vice.com |
|
Snooper's Charter law completes in the Commons supported by Labour and the Conservatives
|
|
|
| 9th June 2016
|
|
| See bill progress from services.parliament.uk See also
article from openrightsgroup.org |
MPs have voted in the final Commons stage of the Investigatory Powers Bill. They voted in favour of the bill by 444 to 69. Some MPs - particularly Joanna Cherry, David Davis, Alistair Carmichael and Stephen McPartland - did a great job in putting the
Government under pressure. SNP, Lib Dem and Green MPs voted against. The Bill will now be debated in the House of Lords. The Open Rights Group have highlighted the Filter as the nastiest part of the bill which unifies website history
and communication records into a single searchable database. The group explains: The bill is very long and complex, and hundreds of amendments have been proposed. However, the Request Filter in particular is
receiving far too little attention. With a huge range of issues to deal with, the Request Filter has been absent from the discussions from the front benches, despite being the one of two completely new developments in the Bill. As the IPB enters report
stage we need to ensure that the Filter gets the attention it deserves from MPs. The Request Filter is described by the Home Office as a safeguard designed to reduce the collateral intrusion produced in searching for small,
specific information in a large dataset. In reality, the Request Filter would allow automated complex searches across the retained data from all telecommunications operators. This has the potential for population profiling,
composite fishing trips and the unaccountable generation of new insights. It is bulk data surveillance without the bulk label, and without any judicial authorisation at all. The Food Standards Agency will be able to self-authorise itself to cross
reference your internet history with your mobile phone location and landline phone calls--and search and compare millions of other people's records too. Queries can be made across datasets. Location data - which pub you were in -
can be compared with who you phoned, or which websites you visit. All with great convenience, through automated search. The searches will be increasingly focused on events, such as a website visited, or place people have gathered, rather than the
suspects. This is the reverse of the position today, which requires the police to focus on suspects, and work outwards. In the future, with the Filter, any query can examine the data of thousands of innocent persons - to check that they don't fit
the police's search criteria. The idea of passive retained records, that lie unexamined until someone comes to the attention of the authorities, will lie dead. The data becomes an actively checked resource, allowing
everyone's potential guilt to be assessed as needed. The Filter creates convenience for law enforcement queries, and pushes practice towards the use of intrusive capabilities. It lowers the practical level on which they are
employed. Techniques that today would be used only in the most serious crimes, because they require thought and care, tomorrow may be employed in run of the mill criminal activity, public order, or even food standards, as the bill stands.
The Filter was at the centre of debates when the original Snooper's Charter was first introduced in 2012. Parliament described the Request Filter at the time as essentially a federated database of all UK citizens' communications
data. This dystopian surveillance tool should be stopped, and next week MPs will have the chance to do it. There are several amendments presented by the Lib-Dem MP Alistair Carmichael that aim to remove the filter.
Another MP, the Conservative Stephen McPartland, who was part of the Science and Technology Committee and understands the implications of the Filter, has tabled a series of amendments with measures designed to constrain the power.
These include restricting the Filter to exceptional circumstances, putting it under the control of the Judicial Commissioner as other bulk powers, and bringing it into the statute book as formal Regulations - so it is subjected to the normal transparency
and processes of judicial review. It is important that all those amendments get debated. We want the complete removal of the filter. McPartland's amendments describe the minimum requirements even a proponent should be seeking, but
more importantly give MPs an opportunity to be told what the filter is, what it is capable of, and why the government plans so little oversight for it. The nature of the Filter must be discussed to expose the Orwellian doublespeak
characterisation by the Home Office of this surveillance tool as a safeguard to improve privacy.
|
|
|
|
|
| 19th May 2016
|
|
|
Open Rights Group points out the Queen's Speech bill to extend government database sharing will necessarily be based on an ID number for every resident See
article from openrightsgroup.org |
|
It could be a creepy council employee wanting to snoop on you
|
|
|
| 13th May 2016
|
|
| See
article from dailymail.co.uk |
East Lothian Council has adopted the policy of using fake Facebook profiles enabling council employees to spy on law-abiding residents. A new policy has enabled investigating officers at East Lothian Council to use false Facebook identities to
befriend targets and scour social media pages not protected by privacy settings. The nine-page surveillance through social media policy agreed by officials has been branded beyond creepy by critics who have questioned whether
it infringes privacy rights. Human rights lawyers and civil liberties groups have blasted the move, describing it as a sign that powers normally only used by police were spreading into other areas. Daniel Nesbitt, research director of Big
Brother Watch, said the council needs to say why these tactics are necessary, why they think they are proportionate and what safeguards will be in place. He added: For years now councils have been criticised for
using heavy-handed snooping tactics, and a nine-page document simply isn't good enough.
Jason Rose, who stood for the Greens in the East Lothian constituency in last year's Westminster elections said the policy was beyond creepy:
I cannot believe our councillors have agreed this policy. It speaks volumes that a council which is so poor at communicating with the public and does not make its meetings available to view online agrees a covert
surveillance policy in such a secretive way.
|
|
Privacy International continues its challenge to the government's capability to hack and snoop effectively without needing judicial approval
|
|
|
| 11th May 2016
|
|
| See article from theregister.co.uk
|
Privacy International is reviving its challenge against the UK government's right to issue general hacking warrants. The group has filed for the High Court to review the Investigatory Powers Tribunal (IPT) decision that ruled the general warrants
are legal. At the moment the government issues general warrants to organisations such as GCHQ, allowing them to hack computers and phones of both UK and non-UK residents without the need for judges to sign-off the warrant first. Privacy
International is worried about the scope of general warrants, saying that it could mean an entire class of unidentified persons or property, such as all mobile phones in Nottingham could be hacked. It said that:
The common law is clear that a warrant must target an identified individual or group of identified individuals. The Snoopers' Charter, currently under consideration in parliament, is set to write this general
government hacking capability into law. |
|
The authorities find a wheeze to avoid giving defendants the rights and defences provided by the law intended to deal with getting people's encryption keys
|
|
|
| 11th May 2016
|
|
| See article from bbc.com See also
article from jackofkent.com |
An unjust bid by the National Crime Agency to use civil law to force an alleged cyber hacker to hand over encrypted computer passwords has been thrown out by a judge. The agency (NCA) seized the computers during a raid at Love's home in October 2013.
The authorities tried to shortcut legal safeguards in such cases by using an obscure civil law to extract the keys. But this legal shortcut has now been rejected by a district judge. Delivering her judgment at London's Westminster Magistrates'
Court, District Judge Nina Tempia said the NCA should have used the normal police powers rather than a civil action to obtain the information: I'm not granting the application because, to obtain the information sought,
the correct procedure to use - as the NCA did two-and-a-half years ago - is RIPA (Regulation of Investigatory Powers Act) and the inherent safeguards incorporated thereafter, she said.
She added the powers of the court should not be
used to circumnavigate existing laws and the safeguards. The US is attempting to extradite Lauri Love on charges of hacking into the US Army, Nasa and US Federal Reserve networks. |
|
EU commissioner proposes that Europeans should use an Identity Card to log in to internet services
|
|
|
| 1st May 2016
|
|
| See article from theregister.co.uk |
Estonian commissioner Andrus Ansip has re-introduced one of his favourite suggestions: using national ID cards to log in to online services: Online platforms need to accept credentials issued or recognised by national public authorities, such as
electronic ID cards, citizen cards, bank cards or mobile IDs. He claims that this is nothing to do with making mass surveillance easier, it's apparently just to help users with their password management. Estonia introduced online ID in
2012 and it is claimed that subjects are happy with it too. |
|
A little known US Congress committee has proposed new hacking powers for government snoopers
|
|
|
| 1st May 2016
|
|
| See article from
eff.org See also EFF and Access Now's joint testimony on Rule 41. |
The EFF is a campaign group supporting people's rights in the digital world. The group writes: The US government hacking into phones and seizing computers remotely? It's not the plot of a dystopian blockbuster summer movie. It's a
proposal from an obscure committee that proposes changes to court procedures--and if we do nothing, it will go into effect in December. The proposal comes from the advisory committee on criminal rules for the Judicial Conference
of the United States. The amendment would update Rule 41 of the Federal Rules of Criminal Procedure, creating a sweeping expansion of law
enforcement's ability to engage in hacking and surveillance. The Supreme Court just passed the proposal to Congress, which has until December 1 to disavow the change or it becomes the rule governing every federal court across the country. This is part of
a statutory process through which federal courts may create new procedural rules, after giving public notice and allowing time for comment, under a "rules enabling act." The Federal Rules of Criminal Procedure set the
ground rules for federal criminal prosecutions. The rules cover everything from correcting clerical errors in a judgment to which holidays a court will be closed on--all the day-to-day procedural details that come with running a judicial system.
The key word here is "procedural." By law, the rules and proposals are supposed to be procedural and must not change substantive rights. But the amendment to Rule 41 isn't procedural at all. It creates new avenues for
government hacking that were never approved by Congress. The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when the district where the media or information is
located has been concealed through technological means or when the media are on protected computers that have been damaged without authorization and are located in five or more districts. It would grant this authority to any judge in any
district where activities related to the crime may have occurred. To understand all the implications of this rule change, let's break this into two segments. The first part of this change would grant
authority to practically any judge to issue a search warrant to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one's location. Many different commonly used tools might fall into
this category. For example, people who use Tor, folks running a Tor node, or people using a VPN would certainly be implicated. It might also extend to people who deny access to location data for smartphone apps because they don't feel like sharing their
location with ad networks. It could even include individuals who change the country setting in an online service, like folks who change the country settings of their Twitter profile in order to read uncensored Tweets. There are
countless reasons people may want to use technology to shield their privacy. From journalists communicating with sources to victims of domestic violence seeking information on legal services, people worldwide depend on privacy tools for both safety and
security. Millions of people who have nothing in particular to hide may also choose to use privacy tools just because they're concerned about government surveillance of the Internet, or because they don't like leaving a data trail around haphazardly.
If this rule change is not stopped, anyone who is using any technological means to safeguard their location privacy could find themselves suddenly in the jurisdiction of a prosecutor-friendly or technically-naïve judge, anywhere in
the country. The second part of the proposal is just as concerning. It would grant authorization to a judge to issue a search warrant for hacking, seizing, or otherwise infiltrating computers that may be part of a botnet. This
means victims of malware could find themselves doubly infiltrated: their computers infected with malware and used to contribute to a botnet, and then government agents given free rein to remotely access their computers as part of the investigation. Even
with the best of intentions, a government agent could well cause as much or even more harm to a computer through remote access than the malware that originally infected the computer. Malicious actors may even be able to hijack the malware the government
uses to infiltrate botnets, because the government often doesn't design its malware securely. Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be
accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic. Make no mistake: the Rule 41 proposal implicates people well beyond U.S. borders.
This update expands the jurisdiction of judges to cover any computer user in the world who is using technology to protect their location privacy or is unwittingly part of a botnet. People both inside and outside of the United States should be equally
concerned about this proposal. The change to Rule 41 isn't merely a procedural update. It significantly expands the hacking capabilities of the United States government without any discussion or public debate by elected officials.
If members of the intelligence community believe these tools are necessary to advancing their investigations, then this is not the path forward. Only elected members of Congress should be writing laws, and they should be doing so in a manner that
considers the privacy, security, and civil liberties of people impacted. Rule 41 seeks to sidestep the legislative process while making sweeping sacrifices in our security. Congress should reject the proposal completely.
|
|
Nothing to hide, nothing to fear? The immense powers in the UK's new surveillance bill are questioned in a new documentary film, The Haystack
|
|
|
| 27th April 2016
|
|
| From opendemocracy.net by Matthew Linares |
The Haystack is a new documentary, released today by Scenes of Reason, bringing together leading lights for and against the UK's Investigatory Powers Bill. This unprecedented piece of legislation, which is now under parliamentary scrutiny, seeks to
affirm and expand the surveillance remit of UK security services and other departments, including new powers for the police to access internet connection records -- a database of the public's online activity over the previous 12 months.
The film provides an excellent roundup of arguments on both sides of the tortuous surveillance debate, including Conservative MP Johnny Mercer echoing the well-worn refrain, if you have nothing to hide, you have nothing to fear. Jim
Killock of the Open Rights Group, speaking at the film's launch, quipped that Mr Mercer might feel a bit different if it were the left-wing government of Jeremy Corbyn and
John McDonnell wielding these powers. Indeed, as far-right parties attract support around Europe and the world, the likelihood increases of tremendous state surveillance becoming the plaything of ever more abusive regimes. The
immense capabilities contained within the bill are unpalatable in the hands of any authority -- they are all too easily harnessed to undermine perfectly reasonable political opposition and judicial work. By way of example, the film outlines one such case
where the current UK government improperly gained access to privileged details of a court case against it. In this light, the bill seems an intolerable threat to democracy and free expression. Voices of concern from the security
community, such as Sir David Omand, ex-GCHQ chief, explain that precautions against terrorism require more spying. Others reject this, noting that security services have failed to act on intelligence when they do have it -- spending enormous sums on
digital surveillance only reduces their efficacy in the realm of traditional detective work. Moreover, those costs, to be borne by government and industry, are excessive at a time of cuts to other public services designed to protect us from more
conventional enemies, such as disease.
|
|
European Court of Justice hears case challenging the legality of the UK Government's mass communications snooping
|
|
|
| 12th April 2016
|
|
| See article from theguardian.com
|
The legality of Britain's surveillance laws used for the mass snooping of communications comes under the intense scrutiny of 15 European judges on Tuesday in a politically sensitive test case that could limit powers to gather online data. The
outcome of the hearing at the European court of justice (ECJ) in Luxembourg is likely to influence the final shape of the government's investigatory powers bill and will test judicial relationships within the EU. Around a dozen EU states including
the UK have intervened in the challenge against the government's Data Retention and Investigatory Powers Act 2014 (Dripa) that was originally brought by two MPs, the Conservative David Davis and Labour's deputy leader, Tom Watson. The British
case is being heard in conjunction with a Swedish case based on similar principles. |
|
|
|
|
| 11th April 2016
|
|
|
When money becomes information, it can inform on you. By Sarah Jeong See article from theatlantic.com |
|
The US proposes that people should be denied the security of encryption and be more open to scammers and thieves
|
|
|
| 10th April 2016
|
|
| See article from theregister.co.uk
|
A draft copy of a US law to criminalize strong encryption has been leaked online. And the internet is losing its shit. The proposed legislation hasn't been formally published yet: the document is still being hammered out by the Senate intelligence
select committee. The proposal reads: The underlying goal is simple, when there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No
individual or company is above the law. We're still in the process of soliciting input from stakeholders and hope to have final language ready soon.
The draft legislation, first leaked to Washington DC insider blog The Hill, is named
the Compliance with Court Orders Act of 2016, and would require anyone who makes or programs a communications product in the US to provide law enforcement with any data they request in an intelligible format, when presented with a court
order. The bill stems from Apple's refusal to help the FBI break into the San Bernardino shooter's iPhone, but goes well beyond that case. The bill would require companies to either build a backdoor into their encryption systems or use an
encryption method that can be broken by a third party. One example of the tech community response was from computer forensics expert Jonathan Zdziarski who said: The absurdity of this bill is beyond words. Due to
the technical ineptitude of its authors, combined with a hunger for unconstitutional governmental powers, the end result is a very dangerous document that will weaken the security of America's technology infrastructure.
Update: Pakistan and Turkey too 12th April 2016. See article from vocativ.com At least two other
countries--Pakistan and Turkey--already have versions of such laws on the books. The Pakistan Telecommunications Authority has previously instructed the country's internet service providers to ban encrypted communication, though it's largely VPN use,
which can be used to circumvent location-based internet censorship, that has been actively restricted there, and WhatsApp is still popular. Turkey takes the anti-encryption law on its books more seriously, and used it to initially charge Vice journalists
arrested in southeastern Turkey in September 2015. Meanwhile, France's National Assembly passed a bill in May to update its Penal Code to fine companies that don't find a way to undo their own encryption when served with a warrant in a terrorism
investigation. The French Senate version of this bill excludes this provision, and seven members from each house will now begin a compromise. Update: Bill stalls 13th May 2016. See
article from click.actionnetwork.org Thanks to the attention
brought to the importance of encryption via Apple vs FBI from Fight for the Future and other strong voices, Compliance with Court Orders Act of 2016 - one of the worst national security bills ever drafted - is stalled. |
|
Hungary proposes that people should be denied the security of encryption and be more open to scammers and thieves
|
|
|
| 10th April 2016
|
|
| See article from boingboing.net |
The Hungarian ruling party wants to ban all working crypto. The parliamentary vice-president from Fidesz has asked parliament to: Ban communication devices that [law enforcement agencies] are not able to surveil despite
having the legal authority to do so.
Since any working cryptographic system is one that has no known vulnerabilities, whose key length is sufficient to make brute force guessing impractical within the lifespan of the universe, this
amounts to a ban on all file-level encryption and end-to-end communications encryption, as well as most kinds of transport encryption (for example, if your browser makes an SSL connection to a server that the Hungarian government can't subpoena, it would
have no means of surveilling your communication). |
|
WhatsApp announces the use of encryption for all calls and file transfers
|
|
|
| 6th April 2016
|
|
| See article from bbc.com See
article from independent.co.uk |
Messaging app WhatsApp has announced that it has added encryption for all voice calls and file transfers for all users. It renders messages generally unreadable if they are intercepted, for example by criminals or law enforcement. No doubt if the
security services throw all their computing might at a message then they may be able to decrypt it by brute force. The Facebook-owned company said protecting private communication of its one billion users worldwide was one of its core beliefs.
WhatsApp said: The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not
hackers. Not oppressive regimes. Not even us.
Users with the latest version of the app were notified about the change when sending messages on Tuesday. The setting is enabled by default. Users should be aware that snoopers can
still see a whole host of non-content data about the communication, such as who was using the app, who was being called, and for how long. Amnesty International called the move a huge victory for free speech:
WhatsApp's roll out of the Signal Protocol, providing end to end encryption for its one billion users worldwide, is a major boost for people's ability to express themselves and communicate without fear. This is
a huge victory for privacy and free speech, especially for activists and journalists who depend on strong and trustworthy communications to carry out their work without putting their lives at greater risk. |
|
|
|
|
| 1st April 2016
|
|
|
US police harass people running key elements of the Tor network See article from
ibtimes.co.uk |
|
|