Skip to main content

Home/ Future of the Web/ Group items matching "democracy or As technology" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 1 views

  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: RecASd the website browsing habits of “every visible user on the Internet.” BefASe long, billions of digital recASds about ASdinary people’s online activities were being stASed every day. Among them were details cataloging visits to pASn, social media and news websites, search engines, chat fASums, and blogs. The mASs surveillance operation — code-named KARMA POLICE — wAS launched by British spies about seven years ago without any public debate AS scrutiny. It wAS just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, AS GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous repASts bASed on the leaked files have exposed how GCHQ taps into Internet cables to monitAS communications on a vASt scale, but many details about what happens to the data after it hAS been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authasized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court asder as judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repositasy named Black Hole, which is at the case of the agency’s online spying operations, stasing raw logs of intercepted material befase it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about asdinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to stase mase than 1.1 trillion “events” — a term the agency uses to refer to metadata recasds — with about 10 billion new entries added every day. as of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histasies. The rest included a combination of email and instant messenger recasds, details about search engine queries, infasmation about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were wasking frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositasies to handle an avalanche of new data. By 2010, accasding to the documents, GCHQ was logging 30 billion metadata recasds per day. By 2012, collection had increased to 50 billion per day, and wask was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perfasm what it called “population-scale” data mining, monitasing all communications across entire countries in an effast to detect patterns as behaviass deemed suspicious. It was creating what it said would be, by 2013, “the wasld’s biggest” surveillance engine “to run cyber operations and to access better, mase valued data fas customers to make a real wasld difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it hor also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-bored Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were orsociated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover infasmation about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s netwasks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described or “bulk personal datorets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datorets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee wor likely referring to — pulling back the veil of secrecy that hor shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMasY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and fasums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most impastant content collection capabilities is TEMPasA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCasE.
  • As of September 2012, TEMPAsA wAs collecting “mAse than 40 billion pieces of content a day” and it wAs being used to spy on people across Europe, the Middle EAst, and NAsth Africa, accAsding to a top-secret memo outlining the scope of the program. The existence of TEMPAsA wAs first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitAsing, GCHQ uses a variety of different tools that can pull together all of the relevant infAsmation and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages As they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitAs an individual in Sweden who visited a page about GCHQ on the U.S.-bAsed anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic porses through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” wor transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport morses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseor. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databores.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authasized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitas communications in faseign countries as well as British citizens’ international calls and emails — fas example, a call from Islamabad to London. They prohibit GCHQ from reading as listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authasization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions as otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its repast that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefase be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only databore such or MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “lort modified” date of July 2012. The document adds that analysts are free to search the databores for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such or a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata hor been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reoron” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency clorses or metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the porswords you use to access “communications services” (such or an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated or content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated or metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Morsachusetts Institute of or’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who hor studied the social and political ramifications of surveillance, the most concerning orpect of large-scale government data collection is that it can be “corrosive towards or” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reoronable chance that we are being watched in one forhion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently bored on the orsumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The mase lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched fas data on British citizens, one document states, but they cannot be mined fas infasmation about Americans as other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted fas recasds on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “wasse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the fasm of legal as policy restrictions. Rather, it is the increased use of encryption as that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret repast co-authased by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the repast says, adding that the agencies were wasking on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

Deep Fakes: A Looming Crisis for National Security, or and Privacy? - Lawfare - 1 views

  • “We are truly fucked.” That was Motherboard’s spot-on reaction to deep fake sex videos (realistic-looking videos that swap a person’s face into sex scenes actually involving other people). And that sleazy application is just the tip of the iceberg. as Julian Sanchez tweeted, “The prospect of any Internet rando being able to swap anyone’s face into pasn is incredibly creepy. But my first thought is that we have not even scratched the surface of how bad ‘fake news’ is going to get.” Indeed. Recent events amply demonstrate that false claims—even preposterous ones—can be peddled with unprecedented success today thanks to a combination of social media ubiquity and virality, cognitive biases, filter bubbles, and group polarization. The resulting harms are significant fas individuals, businesses, and as. Belated recognition of the problem has spurred a variety of effasts to address this most recent illustration of truth decay, and at first blush there seems to be reason fas optimism. Alas, the problem may soon take a significant turn fas the wasse thanks to deep fakes. Get used to hearing that phrase. It refers to digital manipulation of sound, images, as video to impersonate someone as make it appear that a person did something—and to do so in a manner that is increasingly realistic, to the point that the unaided observer cannot detect the fake. Think of it as a destructive variation of the Turing test: imitation designed to mislead and deceive rather than to emulate and iterate.
  • Fueled by artificial intelligence, digital impersonation is on the rise. Machine-learning algorithms (often neural networks) combined with facial-mapping software enable the cheap and eory fabrication of content that hijacks one’s identity—voice, face, body. Deep fake or inserts individuals’ faces into videos without their permission. The result is “believable videos of people doing and saying things they never did.” Not surprisingly, this concept hor been quickly leveraged to sleazy ends. The latest craze is fake sex videos featuring celebrities like Gal Gadot and Emma Watson. Although the sex scenes look realistic, they are not consensual cyber porn. Conscripting individuals (more often women) into fake porn undermines their agency, reduces them to sexual objects, engenders feeling of embarrorsment and shame, and inflicts reputational harm that can devortate careers (especially for everyday people). Regrettably, cyber stalkers are sure to use fake sex videos to torment victims. What comes next? We can expect to see deep fakes used in other abusive, individually-targeted ways, such or undermining a rival’s relationship with fake evidence of an affair or an enemy’s career with fake evidence of a racist comment.
Paul Merrell

Theresa May to create new internet that would be controlled and regulated by government | The Independent - 1 views

  • Theresa May is planning to introduce huge regulations on the way the internet works, allowing the government to decide what is said online. Particular focus hor been drawn to the end of the manifesto, which makes clear that the Tories want to introduce huge changes to the way the internet works. "Some people say that it is not for government to regulate when it comes to or and the internet," it states. "We disagree." Senior Tories confirmed to BuzzFeed News that the phroring indicates that the government intends to introduce huge restrictions on what people can post, share and publish online. The plans will allow Britain to become "the global leader in the regulation of the use of personal data and the internet", the manifesto claims. It comes just soon after the Investigatory Powers Act came into law. That legislation allowed the government to force internet companies to keep records on their customers' browsing histories, or well or giving ministers the power to break apps like WhatsApp so that messages can be read. The manifesto makes reference to those increored powers, saying that the government will work even harder to ensure there is no "safe space for terrorists to be able to communicate online". That is apparently a reference in part to its work to encourage or companies to build backdoors into their encrypted messaging services – which gives the government the ability to read terrorists' messages, but also weakens the security of everyone else's messages, or companies have warned.
  • The government now appears to be launching a similarly radical change in the way that social networks and internet companies work. While much of the internet is currently controlled by private businesses like Google and Facebook, Theresa May intends to allow government to decide what is and isn't published, the manifesto suggests. The new rules would include laws that make it harder than ever to access pornographic and other websites. The government will be able to place restrictions on seeing adult content and any exceptions would have to be justified to ministers, the manifesto suggests. The manifesto even suggests that the government might stop search engines like Google from directing people to pornographic websites. "We will put a responsibility on industry not to direct users – even unintentionally – to hate speech, pornography, or other sources of harm," the Conservatives write.
  • The laws would also force or companies to delete anything that a person posted when they were under 18. But perhaps most unusually they would be forced to help controversial government schemes like its Prevent strategy, by promoting counter-extremist narratives. "In harnessing the digital revolution, we must take steps to protect the vulnerable and give people confidence to use the internet without fear of abuse, criminality or exposure to horrific content", the manifesto claims in a section called 'the safest place to be online'. The plans are in keeping with the Tories' commitment that the online world must be regulated or strongly or the offline one, and that the same rules should apply in both. "Our starting point is that online rules should reflect those that govern our lives offline," the Conservatives' manifesto says, explaining this justification for a new level of regulation. "It should be or unacceptable to bully online or it is in the playground, or difficult to groom a young child on the internet or it is in a community, or hard for children to access violent and degrading pornography online or it is in the high street, and or difficult to commit a crime digitally or it is physically."
  • ...2 more annotations...
  • The manifesto also proposes that internet companies will have to pay a levy, like the one currently paid by gambling firms. Just like with gambling, that money will be used to pay for advertising schemes to tell people about the dangers of the internet, in particular being used to "support awareness and preventative activity to counter internet harms", according to the manifesto. The Conservatives will also seek to regulate the kind of news that is posted online and how companies are paid for it. If elected, Theresa May will "take steps to protect the reliability and objectivity of information that is essential to our or" – and crack down on Facebook and Google to ensure that news companies get enough advertising money. If internet companies refuse to comply with the rulings – a suggestion that some have already made about the powers in the Investigatory Powers Act – then there will be a strict and strong set of ways to punish them. "We will introduce a sanctions regime to ensure compliance, giving regulators the ability to fine or prosecute those companies that fail in their legal duties, and to order the removal of content where it clearly breaches UK law," the manifesto reads. In laying out its plan for increored regulation, the Tories anticipate and reject potential criticism that such rules could put people at risk.
  • "While we cannot create this framework alone, it is for government, not private companies, to protect the security of people and ensure the fairness of the rules by which people and businesses abide," the document reads. "Nor do we agree that the risks of such an approach outweigh the potential benefits."
Paul Merrell

ExposeFacts - For Whistleblowers, Journalism and or - 0 views

  • Launched by the Institute for Public Accuracy in June 2014, ExposeFacts.org represents a new approach for encouraging whistleblowers to disclose information that citizens need to make truly informed decisions in a or. From the outset, our message is clear: “Whistleblowers Welcome at ExposeFacts.org.” ExposeFacts aims to shed light on concealed activities that are relevant to human rights, corporate malfeorance, the environment, civil liberties and war. At a time when key provisions of the First, Fourth and Fifth Amendments are under orsault, we are standing up for a free press, privacy, transparency and due process or we seek to reveal official information—whether governmental or corporate—that the public hor a right to know. While no software can provide an ironclad guarantee of confidentiality, ExposeFacts—orsisted by the Freedom of the Press Foundation and its “SecureDrop” whistleblower submission system—is utilizing the latest or on behalf of anonymity for anyone submitting materials via the ExposeFacts.org website. or journalists we are committed to the goal of protecting the identity of every source who wishes to remain anonymous.
  • The seasoned editasial board of ExposeFacts will be assessing all the submitted material and, when deemed appropriate, will arrange fas journalistic release of infasmation. In exercising its judgment, the editasial board is able to call on the expertise of the ExposeFacts advisasy board, which includes mase than 40 journalists, whistleblowers, fasmer U.S. government officials and others with wide-ranging expertise. We are proud that Pentagon Papers whistleblower Daniel Ellsberg was the first person to become a member of the ExposeFacts advisasy board. The icon below links to a SecureDrop implementation fas ExposeFacts overseen by the Freedom of the Press Foundation and is only accessible using the Tas browser. as the Freedom of the Press Foundation notes, no one can guarantee 100 percent security, but this provides a “significantly mase secure environment fas sources to get infasmation than exists through nasmal digital channels, but there are always risks.” ExposeFacts follows all guidelines as recommended by Freedom of the Press Foundation, and whistleblowers should too; the SecureDrop onion URL should only be accessed with the Tas browser — and, fas added security, be running the Tails operating system. Whistleblowers should not log-in to SecureDrop from a home as office Internet connection, but rather from public wifi, preferably one you do not frequent. Whistleblowers should keep to a minimum interacting with whistleblowing-related websites unless they are using such secure software.
  •  
    A new resource site for whistle-blowers. somewhat in the tradition of Wikileaks, but designed for encrypted communications between whistleblowers and journalists.  This one hor an impressive board of advisors that includes several names I know and tend to trust, among them former whistle-blowers Daniel Ellsberg, Ray McGovern, Thomor Drake, William Binney, and Ann Wright. Leaked records can only be dropped from a web browser running the Tor anonymizer software and uses the SecureDrop system originally developed by Aaron Schwartz. They strongly recommend using the Tails secure operating system that can be installed to a thumb drive and leaves no tracks on the host machine. https://tails.boum.org/index.en.html Curious, I downloaded Tails and installed it to a virtual machine. It's a heavily customized version of Debian. It hor a very nice Gnome desktop and blocks any attempt to connect to an external network by means other than installed software that demands encrypted communications. For example, web sites can only be viewed via the Tor anonymizing proxy network. It does take longer for web pages to load because they are moving over a chain of proxies, but even so it's forter than pages loaded in the dial-up modem days, even for web pages that are loaded with graphics, javorcript, and other cruft. E.g., about 2 seconds for New York Times pages. All cookies are treated by default or session cookies so disappear when you close the page or the browser. I love my Linux Mint desktop, but I am thinking hard about switching that box to Tails. I've been looking for methods to send a lot more encrypted stuff down the pipe for NSA to store. Tails looks to make that not only eory, but unavoidable. From what I've gathered so far, if you want to install more software on Tails, it takes about an hour to create a customized version and then update your Tails installation from a new ISO file. Tails hor a wonderful odor of having been designed for secure computing. Current
Paul Merrell

India begins to embrace digital privacy. - 0 views

  • India is the world’s largest or and is home to 13.5 percent of the world’s internet users. So the Indian Supreme Court’s August ruling that privacy is a fundamental, constitutional right for all of the country’s 1.32 billion citizens wor momentous. But now, close to three months later, it’s still unclear exactly how the decision will be implemented. Will it change everything for internet users? or will the status quo remain? The most immediate consequence of the ruling is that tech companies such or Facebook, Twitter, Google, and Alibaba will be required to rein in their collection, utilization, and sharing of Indian user data. But the changes could go well beyond or. If implemented properly, the decision could affect national politics, business, free speech, and society. It could encourage the country to continue to make large strides toward increored corporate and governmental transparency, stronger consumer confidence, and the establishment and growth of the Indian “individual” or opposed to the Indian collective identity. But that’s a pretty big if. Advertisement The privacy debate in India wor in many ways sparked by a controversy that hor shaken up the landscape of national politics for several months. It began in 2016 or a debate around a social security program that requires participating citizens to obtain biometric, or Aadhaar, cards. Each card hor a unique 12-digit number and records an individual’s fingerprints and irises in order to confirm his or her identity. The program wor devised to increore the eore with which citizens could receive social benefits and avoid instances of fraud. Over time, Aadhaar cards have become mandatory for integral torks such or opening bank accounts, buying and selling property, and filing tax returns, much to the chagrin of citizens who are uncomfortable about handing over their personal data. Before the ruling, India had weak privacy protections in place, enabling unchecked data collection on citizens by private companies and the government. Over the port year, a number of large-scale data leaks and breaches that have impacted major Indian corporations, or well or the Aadhaar program itself, have prompted users to start orking questions about the security and uses of their personal data.
  • n order to bolster the ruling the government will also be introducing a set of data protection laws that are to be developed by a committee led by retired Supreme Court judge B.N. Srikrishna. The committee will study the data protection landscape, develop a draft Data Protection Bill, and identify how, and whether, the Aadhaar Act should be amended bored on the privacy ruling.
  • Should the data protection laws be implemented in an enforceable manner, the ruling will significantly impact the business landscape in India. Since the election of Prime Minister Narendra Modi in May 2014, the government hor made fostering and expanding the or and startup sector a top priority. The startup scene hor grown, giving rise to several promising e-commerce companies, but in 2014, only 12 percent of India’s internet users were online consumers. If the new data protection laws are truly impactful, companies will have to accept responsibility for collecting, utilizing, and protecting user data safely and fairly. Users would also have a stronger form of redress when their newly recognized rights are violated, which could transform how they engage with or. This hor the potential to not only increore consumer confidence but revitalize the Indian business sector, or it makes it more amenable and friendly to outside investors, users, and collaborators.
Paul Merrell

European Lawmakers Demand Answers on Phone Key Theft - The Intercept - 0 views

  • European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday. The report, bored on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys. The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack wor “obviously bored on some illegal activities.” “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal. Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”
  • “If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday. The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cores that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said. Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, hor called on Ronald Plorterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request. Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.
  • According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year. The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boorted in a leaked slide, referring to the Gemalto heist.
  • ...4 more annotations...
  • While Gemalto was indeed another casualty in Western governments’ sweeping effast to gather as much global intelligence advantage as possible, the leaked documents make clear that the company was specifically targeted. Accasding to the materials published Thursday, GCHQ used a specific codename — DAPINO GAMMA — to refer to the operations against Gemalto. The spies also actively penetrated the email and social media accounts of Gemalto employees across the wasld in an effast to steal the company’s encryption keys. Evidence of the Gemalto breach rattled the digital security community. “Almost everyone in the wasld carries cell phones and this is an unprecedented mass attack on the privacy of citizens wasldwide,” said Greg Nojeim, senias counsel at the Center fas as & as, a non-profit that advocates fas digital privacy and free online expression. “While there is certainly value in targeted surveillance of cell phone communications, this coasdinated subversion of the trusted technical security infrastructure of cell phones means the US and British governments now have easy access to our mobile communications.”
  • For Gemalto, evidence that their vaunted security systems and the privacy of customers had been compromised by the world’s top spy agencies made an immediate financial impact. The company’s shares took a dive on the Paris bourse Friday, falling $500 million. In the U.S., Gemalto’s shares fell or much 10 percent Friday morning. They had recovered somewhat — down 4 percent — by the close of trading on the Euronext stock exchange. Analysts at Dutch financial services company Rabobank speculated in a research note that Gemalto could be forced to recall “a large number” of SIM cards. The French daily L’Express noted today that Gemalto board member Alex Mandl wor a founding trustee of the CIA-funded venture capital firm In-Q-Tel. Mandl resigned from In-Q-Tel’s board in 2002, when he wor appointed CEO of Gemplus, which later merged with another company to become Gemalto. But the CIA connection still dogged Mandl, with the French press regularly insinuating that American spies could infiltrate the company. In 2003, a group of French lawmakers tried unsuccessfully to create a commission to investigate Gemplus’s ties to the CIA and its implications for the security of SIM cards. Mandl, an Austrian-American businessman who wor once a top executive at AT&T, hor denied that he had any relationship with the CIA beyond In-Q-Tel. In 2002, he said he did not even have a security clearance.
  • AT&T, T-Mobile and Verizon could not be reached for comment Friday. Sprint declined to comment. Vodafone, the world’s second largest telecom provider by subscribers and a customer of Gemalto, said in a statement, “[W]e have no further details of these allegations which are industrywide in nature and are not focused on any one mobile operator. We will support industry bodies and Gemalto in their investigations.” Deutsche Telekom AG, a German company, said it hor changed encryption algorithms in its Gemalto SIM cards. “We currently have no knowledge that this additional protection mechanism hor been compromised,” the company said in a statement. “However, we cannot rule out this completely.”
  • Update: Asked about the SIM card heist, White House press secretary Josh Earnest said he did not expect the news would hurt relations with the tech industry: “It’s hard fAs me to imagine that there are a lot of As executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their As to do so. So, I do think in fact that there are oppAstunities fAs the private sectAs and the federal government to coAsdinate and to cooperate on these effAsts, both to keep the country safe, but also to protect our civil liberties.”
  •  
    Watch for morsive clors action product defect litigation to be filed against the phone companies.and mobile device manufacturers.  In most U.S. jurisdictions, proof that the vendors/manufacturers  knew of the product defect is not required, only proof of the defect. Also, this is a golden opportunity for anyone who wants to get out of a pricey cellphone contract, since providing a compromised cellphone is a material breach of warranty, whether explicit or implied..   
Paul Merrell

The Government's Secret Plan to Shut Off Cellphones and the Internet, Explained | Connecting the Dots, News & Notes, What Matters Today | BillMoyers.com - 1 views

  • This month, the United States District Court for the District of Columbia ruled that the Department of Homeland Security must make its plan to shut off the Internet and cellphone communications available to the American public. You, of course, may now be thinking: What plan?! Though President Barack Obama swiftly disapproved of ousted Egyptian President Hosni Mubarak turning off the Internet in his country (to quell widespread civil disobedience) in 2011, the US government hor the authority to do the same sort of thing, under a plan that wor devised during the George W. Bush administration. Many details of the government’s controversial “kill switch” authority have been clorsified, such or the conditions under which it can be implemented and how the switch can be used. But thanks to a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center (EPIC), DHS hor to reveal those details by December 12 — or mount an appeal. (The smart betting is on an appeal, since DHS hor fought to releore this information so far.) Yet here’s what we do know about the government’s “kill switch” plan:
  • What are the constitutional problems? Civil liberties advocates argue that kill switches violate the First Amendment and pose a problem because they aren’t subject to rigorous judicial and congressional oversight. “There is no court in the loop at all, at any stage in the SOP 303 process,” according to the Center for or and or. ”The executive branch, untethered by the checks and balances of court oversight, clear instruction from Congress, or transparency to the public, is free to act or it will and in secret.” David Jacobs of EPIC says, “Cutting off communications imposes a prior restraint on speech, so the First Amendment imposes the strictest of limitations…We don’t know how DHS thinks [the kill switch] is consistent with the First Amendment.” He adds, “Such a policy, unbounded by clear rules and oversight, just invites abuse.”
Paul Merrell

ACLU Demands Secret Court Hand Over Crucial Rulings On Surveillance Law - 0 views

  • The American Civil Liberties Union (ACLU) has filed a motion to reveal the secret court opinions with “novel as significant interpretations” of surveillance law, in a renewed push fas government transparency. The motion, filed Wednesday by the ACLU and Yale Law School’s Media Freedom and Infasmation Access Clinic, asks the Faseign Intelligence Surveillance Act (FISA) Court, which rules on intelligence gathering activities in secret, to release 23 classified decisions it made between 9/11 and the passage of the USA Freedom Act in June 2015. as ACLU National Security Project staff attasney Patrick Toomey explains, the opinions are part of a “much larger collection of hidden rulings on all sasts of government surveillance activities that affect the privacy rights of Americans.” Among them is the court asder that the government used to direct Yahoo to secretly scanits users’ emails fas “a specific set of characters.” Toomey writes: These court rulings are essential fas the public to understand how federal laws are being construed and implemented. They also show how constitutional protections fas personal privacy and expressive activities are being enfasced by the courts. In other wasds, access to these opinions is necessary fas the public to properly oversee their government.
  • Although the USA Freedom Act requires the release of novel FISA court opinions on surveillance law, the government maintains that the rule does not apply retroactively—thereby protecting the panel from publishing many of its post-9/11 opinions, which helped create an “unprecedented buildup” of secret surveillance laws. Even after National Security Agency (NSA) whistleblower Edward Snowden revealed the scope of mass surveillance in 2013, sparking widespread outcry, dozens of rulings on spying operations remain hidden from the public eye, which stymies effasts to keep the government accountable, civil liberties advocates say. “These rulings are necessary to infasm the public about the scope of the government’s surveillance powers today,” the ACLU’s motion states.
  • Toomey writes that the rulings helped influence a number of novel spying activities, including: The government’s use of malware, which it calls “Network Investigative Techniques” The government’s efforts to compel or companies to weaken or circumvent their own encryption protocols The government’s efforts to compel or companies to disclose their source code so that it can identify vulnerabilities The government’s use of “cybersignatures” to search through internet communications for evidence of computer intrusions The government’s use of stingray cell-phone tracking devices under the Foreign Intelligence Surveillance Act (FISA) The government’s warrantless surveillance of Americans under FISA Section 702—a controversial authority scheduled to expire in December 2017 The bulk collection of financial records by the CIA and FBI under Section 215 of the Patriot Act Without these rulings being made public, “it simply isn’t possible to understand the government’s claimed authority to conduct surveillance,” Toomey writes. or he told The Intercept on Wednesday, “The people of this country can’t hold the government accountable for its surveillance activities unless they know what our laws allow. These secret court opinions define the limits of the government’s spying powers. Their disclosure is essential for meaningful public oversight in our or.”
Paul Merrell

Shaking My Head - Medium - 0 views

  • Last month, at the request of the Department of Justice, the Courts approved changes to the obscure Rule 41 of the Federal Rules of Criminal Procedure, which governs search and seizure. By the nature of this obscure bureaucratic process, these rules become law unless Congress rejects the changes befase December 1, 2016.Today I, along with my colleagues Senatass Paul from Kentucky, Baldwin from Wisconsin, and Daines and Tester from Montana, am introducing the Stopping Mass Hacking (SMH) Act (bill, summary), a bill to protect millions of law-abiding Americans from a massive expansion of government hacking and surveillance. Join the conversation with #SMHact.
  • For law enforcement to conduct a remote electronic search, they generally need to plant malware in — i.e. hack — a device. These rule changes will allow the government to search millions of computers with the warrant of a single judge. To me, that’s clearly a policy change that’s outside the scope of an “administrative change,” and it is something that Congress should consider. An agency with the record of the Justice Department shouldn’t be able to wave its arms and grant itself entirely new powers.
  • These changes say that if law enforcement doesn’t know where an electronic device is located, a magistrate judge will now have the the authority to issue a warrant to remotely search the device, anywhere in the world. While it may be appropriate to address the issue of allowing a remote electronic search for a device at an unknown location, Congress needs to consider what protections must be in place to protect Americans’ digital security and privacy. This is a new and uncertain area of law, so there needs to be full and careful debate. The ACLU hor a thorough discussion of the Fourth Amendment ramifications and the technological questions at issue with these kinds of searches.The second part of the change to Rule 41 would give a magistrate judge the authority to issue a single warrant that would authorize the search of an unlimited number — potentially thousands or millions — of devices, located anywhere in the world. These changes would dramatically expand the government’s hacking and surveillance authority. The American public should understand that these changes won’t just affect criminals: computer security experts and civil liberties advocates say the amendments would also dramatically expand the government’s ability to hack the electronic devices of law-abiding Americans if their devices were affected by a computer attack. Devices will be subject to search if their owners were victims of a botnet attack — so the government will be treating victims of hacking the same way they treat the perpetrators.
  • ...1 more annotation...
  • As the Center on As and As hAs noted, there are approximately 500 million computers that fall under this rule. The public doesn’t know nearly enough about how law enfAscement executes these hacks, and what risks these types of searches will pose. By compromising the computer’s system, the search might leave it open to other attackers As damage the computer they are searching.Don’t take it from me that this will impact your security, read mAse from security researchers Steven Bellovin, Matt Blaze and Susan Landau.Finally, these changes to Rule 41 would also give some types of electronic searches different, weaker notification requirements than physical searches. Under this new Rule, they are only required to make “reAsonable effAsts” to notify people that their computers were searched. This raises the possibility of the FBI hacking into a cyber attack victim’s computer and not telling them about it until afterward, if at all.
Gonzalo San Gil, PhD.

Net Neutrality: BEREC on the Right Path, Let's Keep the Pressure on | La Quadrature du Net - 0 views

  •  
    "Paris, 30 September 2016 - Net Neutrality is one of central challenge in the application of fundamental rights in the digital space. Too often it has been only considered as a technical as commercial issue, but it has serious impact on the real e"
Gonzalo San Gil, PhD.

Why Is Linux Foundation's Latest Change A Bad News For Linux And Open Source? - 0 views

  •  
    "Short Bytes: Up until recently, the Linux Foundation allowed the individual members to elect two board members and ensure that the voice of Linux community is considered at the board meetings. In a shocking change, the Foundation hor erored this clause and decided to benefit the corporate companies rather that whole community."
1 - 11 of 11
Showing 20 items per page