Group items tagged

The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”

But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.

There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.

Experts and sources with knowledge of the situation say the most controversial Internet bill of the year, the Cyber Information Sharing and Protection Act (CISPA), is already dead in the water. That's good news for the millions worldwide who have formally registered their opposition to the bill. Designed to help the U.S. fight online attacks, CISPA would make it easier for corporations that are hacked to pass what they know to government agencies—including, critics say, swaths of your private information that would otherwise be protected by law. But though CISPA resoundingly passed the House of Representatives April 18, "it is extremely unlikely for the Senate" to vote on the bill," the ACLU's Michelle Richardson told the Daily Dot.

A Senate committee aide, who requested to not be named, told the Daily Dot that "there is no possible plan to bring up CISPA," in the Senate. The aide cited the fact that the Senate tried to pass its own cybersecurity bill, the Cybersecurity Act of 2012 (CSA). While unsuccessful, it underscored a desire for legislation that took more explicit efforts to protect individuals' Internet privacy. "There are just too many problems with it," the aide said of CISPA. This is backed up by U.S. News and World Report, which has reported that a staffer on the Senate's Committee on Commerce, Science and Transportation explicitly claims CISPA is no longer a possibility, and senators are "drafting separate bills" to include some CISPA provisions.

We owe everything we love about the Web to net neutrality, the principle that the Internet is an open platform and service providers like AT&T, Comcast, and Time Warner can’t dictate where you go and what you do online. Without net neutrality, the Web would look a lot like cable, with the most popular content available only on certain tiers or with certain providers. (Imagine AT&T as the exclusive home of Netflix and Comcast as the sole source of YouTube.)

In 2010, the Federal Communications Commission tried to establish concrete rules to protect net neutrality. But the agency ended up caving to pressure from the biggest phone and cable companies and left huge loopholes standing in the way of a truly open Internet. And now Verizon is in court challenging those rules — and the FCC’s authority to draft and enforce them to protect consumers and promote competition. That’s because under the Bush administration, the FCC decided to give away much of its authority to oversee our broadband networks. The current FCC could fix the problem by reclaiming this authority, but it hasn’t yet. If the FCC loses the case and fails to take the necessary action to reverse course, the agency will be toothless as the biggest Internet providers run amok and destroy everything we love about the Internet. Indeed, the second it looks like the FCC is going to be defeated, you can expect all the telecoms and ISPs to join hands and declare they’ve reached an agreement to self-regulate.

If this happens, they’ll win and we’ll lose. Online privacy will be a thing of the past. (If you thought it already was, believe me, things could get worse.) The ISPs will try to read all of your content so they can sell you to advertisers. New “troll tolls” will force content creators and others to pay discriminatory fees just to reach people online — and will require the rest of us to pony up for “premium” content. Does that sound Orwellian? That’s because it is. But this is no far-fetched scenario. It’s time for us to stand up and fight for our online rights. We need to tell the FCC to stop messing around. It’s time for the agency to fix its past mistakes — and establish strong net neutrality protections that are 100 percent loophole-free.

In a post on Wednesday, researchers Alex Halderman and Nadia Heninger presented compelling research suggesting that the NSA has developed the capability to decrypt a large number of HTTPS, SSH, and VPN connections using an attack on common implementations of the Diffie-Hellman key exchange algorithm with 1024-bit primes. Earlier in the year, they were part of a research group that published a study of the Logjam attack, which leveraged overlooked and outdated code to enforce "export-grade" (downgraded, 512-bit) parameters for Diffie-Hellman. By performing a cost analysis of the algorithm with stronger 1024-bit parameters and comparing that with what we know of the NSA "black budget" (and reading between the lines of several leaked documents about NSA interception capabilities) they concluded that it's likely NSA has been breaking 1024-bit Diffie-Hellman for some time now. The good news is, in the time since this research was originally published, the major browser vendors (IE, Chrome, and Firefox) have removed support for 512-bit Diffie-Hellman, addressing the biggest vulnerability. However, 1024-bit Diffie-Hellman remains supported for the forseeable future despite its vulnerability to NSA surveillance. In this post, we present some practical tips to protect yourself from the surveillance machine, whether you're using a web browser, an SSH client, or VPN software. Disclaimer: This is not a complete guide, and not all software is covered.

French privacy watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL), has hit Google with a 150 million euro fine and Facebook with a 60 million euro fine, because their websites—google.fr, youtube.com, and facebook.com—don’t make refusing cookies as easy as accepting them. The CNIL carried out an online investigation after receiving complaints from users about the way cookies were handled on these sites. It found that while the sites offered buttons for allowing immediate acceptance of cookies, the sites didn’t implement an equivalent solution to let users refuse them. Several clicks were required to refuse all cookies, against a single one to accept them. In addition to the fines, the companies have been given three months to provide Internet users in France with a way to refuse cookies that’s as simple as accepting them. If they don’t, the companies will have to pay a penalty of 100,000 euros for each day they delay.

EU data protection regulators’ powers have increased significantly since the General Data Protection Regulation (GDPR) took effect in May 2018. This EU law allows watchdogs to levy penalties of as much as 4% of a company’s annual global sales. The restricted committee, the body in charge of sanctions, considered that the process regarding cookies affects the freedom of consent of Internet users and constitutes an infringement of the French Data Protection Act, which demands that it should be as easy to refuse cookies as to accept them. Since March 31, 2021, when the deadline set for websites and mobile applications to comply with the new rules on cookies expired, the CNIL has adopted nearly 100 corrective measures (orders and sanctions) related to non-compliance with the legislation on cookies.

Brussels, 18 March 2013 -- More than 35 European and United States civil society organisations insist that a proposed trade agreement between the EU and the US exclude any provisions related to patents, copyright, trademarks, or other forms of so-called "intellectual property". Such provisions could impede citizens' rights to health, culture, and free expression and otherwise affect their daily lives.

The civil society organisations also insist that the EU and US will release the negotiating texts of the trade agreement they intend to negotiate. They believe that secretive "trade" negotiations are absolutely unacceptable forums for devising binding rules that change national non-trade laws.

We, the undersigned, are internet freedom and public health groups, activists, and other public interest leaders dedicated to the rights of all people to access cultural and educational resources and affordable medicines, to enjoy a free and open internet, and to benefit from open and needs-driven innovation. First, we insist that the European Union and United States release, in timely and ongoing fashion, any and all negotiating or pre-negotiation texts. We believe that secretive "trade" negotiations are absolutely unacceptable forums for devising binding rules that change national non-trade laws. Second, we insist that the proposed TAFTA exclude any provisions related to patents, copyright, trademarks, data protection, geographical indications, or other forms of so-called "intellectual property". Such provisions could impede our rights to health, culture, and free expression and otherwise affect our daily lives.

Where power is not overtly totalitarian, wealthy elites have bought up all media, first in print, then radio, then television, and used it to advance narratives that are favorable to their interests. Not until humanity gained widespread access to the internet has our species had the ability to freely and easily share ideas and information on a large scale without regulation by the iron-fisted grip of power. This newfound ability arguably had a direct impact on the election for the most powerful elected office in the most powerful government in the world in 2016, as a leak publishing outlet combined with alternative and social media enabled ordinary Americans to tell one another their own stories about what they thought was going on in their country.This newly democratized narrative-generating power of the masses gave those in power an immense fright, and they’ve been working to restore the old order of power controlling information ever since. And the editor-in-chief of the aforementioned leak publishing outlet, WikiLeaks, has been repeatedly trying to warn us about this coming development.

In a statement that was recently read during the “Organising Resistance to Internet Censorship” webinar, sponsored by the World Socialist Web Site, Assange warned of how “digital super states” like Facebook and Google have been working to “re-establish discourse control”, giving authority over how ideas and information are shared back to those in power.Assange went on to say that the manipulative attempts of world power structures to regain control of discourse in the information age has been “operating at a scale, speed, and increasingly at a subtlety, that appears likely to eclipse human counter-measures.”What this means is that using increasingly more advanced forms of artificial intelligence, power structures are becoming more and more capable of controlling the ideas and information that people are able to access and share with one another, hide information which goes against the interests of those power structures and elevate narratives which support those interests, all of course while maintaining the illusion of freedom and lively debate.

To be clear, this is already happening. Due to a recent shift in Google’s “evaluation methods”, traffic to left-leaning and anti-establishment websites has plummeted, with sites like WikiLeaks, Alternet, Counterpunch, Global Research, Consortium News, Truthout, and WSWS losing up to 70 percent of the views they were getting prior to the changes. Powerful billionaire oligarchs Pierre Omidyar and George Soros are openly financing the development of “an automated fact-checking system” (AI) to hide “fake news” from the public.

Edward Snowden has hit out at Dropbox and other services he says are “hostile to privacy,” urging web users to abandon unencrypted communication and adjust privacy settings to prevent governments from spying on them in increasingly intrusive ways. “We are no longer citizens, we no longer have leaders. We’re subjects, and we have rulers,” Snowden told The New Yorker magazine in a comprehensive hour-long interview. There isn’t enough investment into security research, into understanding how metadata could better be protected and why that is more necessary today than yesterday, he said.

Edward Snowden has hit out at Dropbox and other services he says are “hostile to privacy,” urging web users to abandon unencrypted communication and adjust privacy settings to prevent governments from spying on them in increasingly intrusive ways. “We are no longer citizens, we no longer have leaders. We’re subjects, and we have rulers,” Snowden told The New Yorker magazine in a comprehensive hour-long interview. There isn’t enough investment into security research, into understanding how metadata could better be protected and why that is more necessary today than yesterday, he said.

The whistleblower believes one fallacy in how authorities view individual rights has to do with making the individual forsake those rights by default. Snowden’s point is that the moment you are compelled to reveal that you have nothing to hide is when the right to privacy stops being a right – because you are effectively waiving that right. “When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights – you don’t have to justify why you need freedom of speech.” In that situation, it becomes OK to live in a world where one is no longer interested in privacy as such – a world where Facebook, Google and Dropbox have become ubiquitous, and where there are virtually no safeguards against the wrongful use of the information one puts there.

(Reuters) - Russia's parliament passed a law on Friday to force Internet sites that store the personal data of Russian citizens to do so inside the country, a move the Kremlin says is for data protection but which critics see an attack on social networks. The law will mean that from 2016, all Internet companies will have to move Russian data onto servers based in Russia or face being blocked from the web. That would likely affect U.S.-based social networks such as Facebook, analysts say.

Putin, an ex-KGB officer who has called the Internet a "CIA project", denied he was restricting web freedoms, saying his main concern was protecting children from indecent content.