Monitoring NSA in de VS en erbuiten, deel 10

quote:

Do NSA's Bulk Surveillance Programs Stop Terrorists?

quote:

On June 5, 2013, the Guardian broke the first story in what would become a flood of revelations regarding the extent and nature of the NSA’s surveillance programs. Facing an uproar over the threat such programs posed to privacy, the Obama administration scrambled to defend them as legal and essential to U.S. national security and counterterrorism. Two weeks after the first leaks by former NSA contractor Edward Snowden were published, President Obama defended the NSA surveillance programs during a visit to Berlin, saying: “We know of at least 50 threats that have been averted because of this information not just in the United States, but, in some cases, threats here in Germany. So lives have been saved.” Gen. Keith Alexander, the director of the NSA, testified before Congress that: “the information gathered from these programs provided the U.S. government with critical leads to help prevent over 50 potential terrorist events in more than 20 countries around the world.” Rep. Mike Rogers (R-Mich.), chairman of the House Permanent Select Committee on Intelligence, said on the House floor in July that “54 times [the NSA programs] stopped and thwarted terrorist attacks both here and in Europe – saving real lives.”

However, our review of the government’s claims about the role that NSA “bulk” surveillance of phone and email communications records has had in keeping the United States safe from terrorism shows that these claims are overblown and even misleading. An in-depth analysis of 225 individuals recruited by al-Qaeda or a like-minded group or inspired by al-Qaeda’s ideology, and charged in the United States with an act of terrorism since 9/11, demonstrates that traditional investigative methods, such as the use of informants, tips from local communities, and targeted intelligence operations, provided the initial impetus for investigations in the majority of cases, while the contribution of NSA’s bulk surveillance programs to these cases was minimal. Indeed, the controversial bulk collection of American telephone metadata, which includes the telephone numbers that originate and receive calls, as well as the time and date of those calls but not their content, under Section 215 of the USA PATRIOT Act, appears to have played an identifiable role in initiating, at most, 1.8 percent of these cases. NSA programs involving the surveillance of non-U.S. persons outside of the United States under Section 702 of the FISA Amendments Act played a role in 4.4 percent of the terrorism cases we examined, and NSA surveillance under an unidentified authority played a role in 1.3 percent of the cases we examined.

quote:

GCHQ accused of 'persistent' illegal hacking at security tribunal | UK news | The Guardian

UK government monitoring station admits hacking devices for the first time during case brought by Privacy International and internet service providers

GCHQ carries out “persistent” illegal hacking of phones, computers and networks worldwide under broad “thematic” warrants that ignore privacy safeguards, a security tribunal has heard.

Microphones and cameras on electronic devices can be remotely activated without owners’ knowledge, photographs and personal documents copied and locations discovered, the Investigatory Powers Tribunal (IPT) has been told.

GCHQ, the government monitoring station in Cheltenham, has for the first time in a court case admitted that it carries out computer network exploitation (CNE) – commonly known as hacking – both in the UK and overseas.

Some CNE operations are said to be “persistent” – where listening programs are left on targeted devices – while others are “non-persistent”, where the monitoring ends with each internet session.

The claim that the government’s hacking activities are disproportionate and illegal has been brought by Privacy International and seven international internet service providers.

The case is being heard at the IPT, which deals with complaints about the intelligence services and surveillance by government organisations. The four-day hearing is at the Rolls Building in central London.

“The [legal] regime governing CNE … remains disproportionate,” Ben Jaffey, counsel for Privacy International, told the tribunal. “Given the high potential level of intrusiveness, including over large numbers of innocent persons, there are inadequate safeguards and limitations.”

Related: GCHQ's spy malware operation faces legal challenge

The case has been brought in the wake of revelations by the American whistleblower Edward Snowden who exposed the extent of surveillance carried out by the US’s National Security Agency and the UK’s GCHQ.

Snowden’s documents referred to GCHQ’s CNE capabilities, the tribunal was told, including “a programme called Nosey Smurf which involved implanting malware to activate the microphone on smartphones; Dreamy Smurf, which had the capability to switch on smartphones; Tracker Smurf, which had the capability to provide the location of a target’s smartphone with high precision; and Paranoid Smurf, which ensured all malware remained hidden”.

One illegal aspect of GCHQ’s hacking, Jaffey said, is making changes to targeted computers, an activity that undermines their later use as evidence. “What parliament did not authorise was CNE that impairs the operation of a computer …” he said.

“If state authorities are permitted to alter or impair the operation of a computer, the reliability and admissibility of such evidence will be called into question, as will the need to disclose a past CNE operation to the defence.”

In 2013, the tribunal was told, 20% of GCHQ’s intelligence reports contained information derived from hacking.

The reliance of the intelligence services on what are termed “thematic” warrants – that do not name individuals or addresses but rely on generalised categories of people or places – are an “exorbitant” extension of normal powers, Jaffey told the tribunal.

Under section five of the Intelligence Services Act, he said, proper safeguards are being bypassed so that groups as widely defined, for example, as “all mobile telephones” in Birmingham could be targeted.

Some of the intelligence oversight commissioners, such as Sir Mark Waller, had recently warned in their reports that the security agencies’ interpretation of thematic warrants were “very arguable”, Jaffey pointed out.

Related: Snowden surveillance revelations drive UK and US policy in opposite directions

Newly released documents from the long-running case include a warning from Ross Anderson, professor of security engineering at Cambridge University, that “it is only a matter of time before CNE causes fatal accidents”.

Citing denial of service attacks by online protesters in Oregon, USA, who hijacked hospital servers, installed malware and interfered with medical equipment, Anderson said: “Computers are becoming embedded in ever more devices, on which human societies depend ever more in ways that are complex and ever harder to predict.”

In a written response, Ciaran Martin, director of cyber security at GCHQ, said: “[We] never carry out reckless and irresponsible CNE operations ... GCHQ’s processes for CNE include an expert risk assessment panel.”

The documents include a “gist” – or summary – of internal GCHQ advice to staff about the legality of hacking. They explain that: “The [Intelligence Services Act] warrant and authorisations scheme is a mechanism for removing liability that would otherwise attach to interference with property such as computers, phones and routers. This interference would otherwise be a criminal offence under the Computer Misuse Act.”

Another GCHQ instruction states: “CNE involves gaining remote access to computers and networks and possibly modifying their software without the knowledge or consent of the owners and users with the aim of obtaining intelligence ... CNE operations carry political risk. These risks are assessed by the relevant team – consult them at an early stage if you’re considering a CNE operation”

Lawyers for GCHQ argue that its CNE activities are “proportionate”. They dismissed Privacy International’s claims as “extreme allegations” that do not accurately describe the reality of GCHQ’s operations.

“Over the last year the threat to the UK from international terrorism has continued to increase,” James Eadie QC, for GCHQ, told the tribunal in written submissions. “GCHQ and other intelligence agencies must develop innovative and agile technical capabilities to meet these serious national security challenges. Computer network exploitation is one such capability … CNE may, in some cases, be the only way to acquire intelligence coverage of a terrorist suspect or serious criminal in a foreign country.”

The legal regime governing its deployment provides “stringent safeguards” for CNE activities, Eadie added. “It is denied that GCHQ is engaged in any unlawful and indiscriminate mass surveillance activities.”

Commenting on the hearing, Caroline Wilson Palow, general counsel at Privacy International, said: “The light-touch authorisation and oversight regime that GCHQ has been enjoying should never have been permitted. Perhaps it wouldn’t have been if parliament had been notified in the first place that GCHQ was hacking. We hope the tribunal will stand up for our rights and reign in GCHQ’s unlawful spying.”

The seven internet service providers involved in the case are: GreenNet, Riseup Networks, Mango Email Service, Jinbonet from Korea, Greenhost, Media Jumpstart, and Chaos Computer Club.

Some sessions of the IPT are closed and held in secret. The case continues.

Bron: www.theguardian.com

quote:

Privacyorganisaties: Facebook moet stoppen met datadoorgifte naar VS

quote:

De organisaties geven Facebook en zijn dochterbedrijven tot en met vrijdag 15 januari om zijn beleid duidelijk te maken over het stoppen met de doorgifte van persoonsgegevens van Europese gebruikers naar de VS. Als Facebook geen afdoende reactie geeft, kunnen gerechtelijke stappen volgen, dreigen de organisaties. Het gaat om Privacy First, Bits of Freedom, het Public Interest Litigation Project en Platform Bescherming Burgerrechten. Daarnaast onderschrijven enkele individuele Facebook-gebruikers de sommatie.

quote:

Datadrift: leest de overheid straks mee met jouw appjes?

quote:

Na de aanslagen in Parijs is de discussie over afluisteren, aftappen en privacy weer opgelaaid. Volgens de overheid kunnen WhatsAppjes, e-mails en locatiegegevens puzzelstukjes zijn die een volgende aanslag voorkomen en criminelen dwarsbomen.

Vandaag werd een nieuwe wet ingediend, waarmee de politie ruimere bevoegdheden krijgt om verdachten van misdrijven te hacken. Het kabinet werkt ook nog aan twee andere wetten die het mogelijk maken meer informatie te verzamelen.

Dat maakt de kans groter dat de overheid je privégegevens in handen krijgt. Welke gevolgen heeft dat voor jou? Deze interactieve special vertelt je in vijf hoofdstukken hoe en waar de nieuwe regelgeving jou kan raken.

quote:

ODNI admits spy chief’s phone was hit by hackers

quote:

Director of National Intelligence James Clapper’s office has confirmed that phone calls intended for the director were being re-routed to a pro-Palestinian hotline after a hacker claimed to have gained access to the spy chief’s personal Verizon account.

Brian Hale, a spokesperson for Mr. Clapper’s office, told Motherboard Tuesday that authorities had been notified of an apparent social engineering prank that had compromised Mr. Clapper’s home and mobile phone lines.

A hacker calling himself “Cracka” told Motherboard this week that he had broken into several of the intelligence director’s personal accounts, including a Verizon FiOS profile, and changed the settings so that calls placed to Mr. Clapper’s home were being automatically forwarded to a phone number registered to the Free Palestine Movement.

The hacker claiming responsibility told Motherboard that he did not want to be identified, but the website said he was among the individuals involved in a series of similar cyber-pranks waged late last year by a previously unknown hacking collective, Crackas With Attitude, against targets including CIA Director John Brennan and Homeland Security Secretary Jeh Johnson.

At the time, the collective said the hacks had been done in support of the Palestinian cause, and emails lifted from Mr. Brennan’s personal account were subsequently provided to and published by WikiLeaks.

Calls placed by Motherboard to a phone number for Mr. Clapper on Monday evening were indeed routed to the Free Palestine Movement, and the group’s co-founder, Paul Larudee, told the website that he had been receiving calls intended for the intelligence director for over at hour at that point.

Additionally, Cracka told Motherboard that he has gained access to Mr. Clapper’s email account and a Yahoo account for his wife, Susan, but his claims could not immediately be verified.

“I just wanted the gov to know people aren’t [expletive] around, people know what they’re doing and people don’t agree #FreePalestine,” the hacker told Motherboard.

After the ODNI confirmed the phone line had been hacked, however, questions were quickly raised about the intelligence director’s apparent lapse in operational security.

“If I’m the director of National Intelligence of the United States of America, nobody is going to know where the [expletive] I live, nobody is going to have my [expletive] phone number or address,” Michael Adams, an information security expert previously with the U.S. Special Operations Command, told Motherboard.

quote:

Snooper's charter: cafes and libraries face having to store Wi-Fi users' data | World news | The Guardian

Theresa May gives first hint costs may far exceed £240m estimate as it emerges even small-scale providers could be targeted

Coffee shops running Wi-Fi networks may have to store internet data under new snooping laws, Theresa May has said.

Small-scale networks such as those in cafes, libraries and universities could find themselves targeted under the legislation and forced to hand over customers’ confidential personal data tracking their web use.

Related: Why journalists should challenge the new surveillance powers

The home secretary has also given her first hint that the costs of her snooper’s charter are likely to go far beyond the official £240m estimate. May told peers and MPs that talks were under way with internet and phone companies over costs and their technical capacity to deliver the measures, after being told that Vodafone, O2 and EE had testified that each company could each spend that amount alone in implementing the proposed surveillance law.

During nearly two hours of questioning by the joint parliamentary scrutiny committee on her bill, the home secretary revealed that small-scale internet providers would not be excluded from the requirement to store their customer’s internet records for up to 12 months.

“I do not think it would be right for us to exclude any networks,” she told MPs and peers. “If you look at how people do their business these days, it is on the move.”

May rejected demands from the information commissioner and from the defence and security industries that there should be a “sunset clause” on the legislation ensuring it would be revisited within five to seven years to cope with the rapid pace of technological change. She insisted the bill was “technology neutral” and fit for a rapidly changing technological world.

Related: Mass snooping and more – the measures in Theresa May's bill

The home secretary had no answer when questioned by MPs and peers as to how she would enforce legal notices requiring overseas internet and technology companies, such as Apple, Facebook, Twitter and Google, to store their customers’ communications data records for 12 months and to hand them over to British police and security agencies on request. May said they were still examining issues of “extra-territoriality”.

She did, however, attempt to reassure the scrutiny committee that judicial commissioners, to be appointed to operate a “double-lock” authorisation process on intercept and bulk interception warrants, would have sufficient flexibility to examine decisions taken by cabinet ministers to order intrusive snooping operations.

The scrutiny committee has had only two and a half months to examine the 300-page bill which is being introduced in the wake of disclosures by the whistleblower Edward Snowden, uncovering mass surveillance and bulk collection programmes operated by Britain’s GCHQ and the National Security Agency in the US. The committee is to produce its pre-legislative scrutiny report by 9 February before the bill is given a Commons second reading.

The issue of the costs faced by the internet and phone companies in complying with the bill’s requirements to collect, store and retain for 12 months all their customers’ communications data tracking their individual use of the web, email and mobile phones could prove a serious difficulty for the Home Office.

Related: The Guardian view on surveillance: citizens must be the state’s master. Not its plaything | Editorial

The Labour MP David Hanson raised the issue with May, saying that Vodafone, EE, O2 and Three had testified in evidence that they could each spend £240m alone and were troubled about their current capacity to deliver compliance with the legislation on budget and on time. O2 had said the costs involved will be “huge”, while EE said that if there was any cap or limit on the government reimbursing their costs for storing the data involved, it could make things very difficult.

May made clear that the government had agreed to underwrite the costs involved in the companies’ complying with the bill on a “cost recovery basis”. She said the Home Office was in talks with the companies but insisted that the initial estimate had not been “plucked out of the air”.

She said: “We have provided some indicative figures. We are still in discussion with individual communication service providers about ways in which these capabilities are to be provided. We will have reasonable cost recovery when we require these companies to provide these capabilities.”

May said that she had spoken to the companies about the sums of money involved and the technical feasibility and that they had been responsive.

Bron: www.theguardian.com

quote:

New York Wants to Force Vendors to Decrypt Users’ Phones

A bill that is making its way through the New York state assembly would require that smartphone manufacturers build mechanisms into the devices that would allow the companies to decrypt or unlock them on demand from law enforcement.

The New York bill is the latest entry in a long-running debate between privacy advocates and security experts on one side and law enforcement agencies and many politicians on the other. The revelations of the last few years about widespread government surveillance, especially that involving cell phones and email systems, has spurred device manufacturers to increase the use of encryption. New Apple iPhones now are encrypted by default, as are some Android devices.

The FBI, Justice Department and other agencies have been pushing back against this trend, talking with manufacturers about potential ways around default or user-enabled encryption.

“Encryption threatens to lead us all to a very, very dark place. The place that this is leading us is one that I would suggest we shouldn’t go without careful thought and public debate,” FBI Director James Comey said of the encryption of mobile devices in 2014.

Bron: www.onthewire.io

quote:

No Backdoors But UK Government Still Wants Encryption Decrypted On Request… | TechCrunch

Yesterday the U.K. Home Secretary, Theresa May, spent two hours giving evidence to a joint select committee tasked with scrutinizing proposed new surveillance legislation.

The draft Investigatory Powers Bill, covering the operation of surveillance capabilities deployed by domestic security and law enforcement agencies, is currently before parliament — with the government aiming to legislate by the end of this year.

During the committee session May was asked to clarify the implications of the draft bill’s wording for encryption. Various concerns have been raised about this — not least because it includes a clause that communications providers might be required to “remove electronic protection of data”.

Does this mean the government wants backdoors inserted into services or the handing over of encryption keys, May was asked by the committee. No, she replied: “We are not saying to them that government wants keys to their encryption — no, absolutely not.”

Encryption that can be decrypted on request

However the clarity the committee was seeking on the encryption point failed to materialize, as May reiterated the government’s position that the expectation will be that a lawfully served warrant will result in unencrypted data being handed over by the company served with the warrant.

“Where we are lawfully serving a warrant on a provider so that they are required to provide certain information to the authorities, and that warrant has been gone through the proper authorization process — so it’s entirely lawful — the company should take reasonable steps to ensure that they are able to comply with the warrant that has been served on them. That is the position today and it will be the position tomorrow under the legislation,” said May.

“As a government we believe encryption is important. It is important that data can be kept safe and secure. We are not proposing in this bill to make any changes in relation to the issue of encryption. And the legal position around that. The current legal position in respect of encryption will be repeated in the legislation of the bill. The only difference will be that the current legal position is set out in secondary legislation and it will be, obviously, in the bill,” she added.

Theresa May

May was pressed specifically on the implications of the legislation for end-to-end encryption. Her comments on this point provide little reassurance that the government either appreciates the technical nuance involved (i.e. that properly implemented end-to-end encryption would mean a company is unable to decrypt data itself, and therefore unable to comply with such an expectation), or is not intentionally seeking to undermine — or at very least obfuscate — the legal position around end-to-end encryption.

In the instance where a company that has implemented end-to-end encryption tells the authorities it is unable to provide data, what will the bill’s reference to removing electronic protection mean in practice, May was asked?

“What we are saying to companies… is that when a warrant is lawfully served on them there is an expectation that they will be able to take reasonable steps to ensure that they can comply with that warrant. i.e. that they can provide the information that is being requested under that lawful warrant in a form which is legible for the authorities,” she repeated.

The weight of the bill’s requirement, as it stands, appears to rest on what is meant by the phrase “reasonable steps”. And whether removing end-to-end encryption would be considered a reasonably required step by the law. It’s unclear at this stage what the law will consider reasonable, and the lack of clarity on this point appears intentional — as a way for the government to side-step the issue of end-to-end encryption without explicitly stating whether the technology effectively offers a workaround to the legislation or not.

And indeed, in other answers to the committee, May revealed that other instances of ‘untightened’ language in the bill are intentional — in order for the legislation to provide “flexibility”, as she put it. Such as to allow definitions to be broad enough to accommodate advances in technology, for example.

Clarity vs flexibility

“It’s a balance between trying to ensure that legislation is so drafted that it is clear for people but that it isn’t so drafted that it actually mean that it will only have a very, very limited life — precisely because definitions will move on and there will be developments,” she said.

At another point in the session, the lack of clarity about exactly what bulk datasets are — and the Home Office’s ongoing refusal to provide the committee with a list of these (their public existence was only revealed last March) — is also apparently intentional, with May again using the word flexibility when asked about these.

Here she seemed to mean affording agencies the wiggle-room of operational secrecy necessary not to tip off criminals about the sorts of lists they might be looking at. (Although she gave one example of a bulk dataset being a list of people with firearms licences.)

During the session, she also rejected general criticism that the bill’s language is uncertain, arguing that the definition of the so-called Internet Connection Records (ICRs) — i.e the requirement that ISPs and other communications service providers (CSPs) log a list of websites visited by every user for a full year — has, for example, been tightened up.

But asked by the committee to give her own definition of what an ICR is — “in terms that might be understandable by a layperson” — she offered only “an equivalence” explanation, describing it as: “When you have somebody who is accessing a particular site… or is using the Internet for a particular communication, you wish to be able to identify that. You’re not trying to find out whether they have looked at certain pages of a website, which is where I think the confusion may arise because of what people felt was in the draft Communications Data Bill.

“It is simply about that access to a particular site or the use of the Internet for a communication,” she added.

May rejected the suggestion put to her by the committee that a sunset clause or regular review might be an appropriate way to ensure expansive investigatory powers do not shift, over time, to become disproportionate — arguing specifically that CSPs need the certainty that a non-bookended bill provides if they are to put in place infrastructure to enable the collection of ICRs.

Internet connection records

May fielded a lot of questions about ICRs, including whether they might not result in producing far too much data of limited utility, as well as on the costs of implementing them, the security challenges of storing so much sensitive data, and the technical feasibility of being able to capture the sort of data the agencies are after via this method.

“The confidence we have [on technical feasibility] comes from the discussions that we’ve been having with [communications service providers],” she said. “We have had numerous discussions with them about how access to ICRs may be achieved.

“The discussions we’ve had with them have been about some of these technical issues — about access. And obviously there are different ways in which different providers approach the way they operate but we are confident from those discussions that it will be technically feasible for us to be able to ensure that there is access to the information that’s necessary.”

On the costs point, May said the previously mentioned £247 million figure to reimburse ISPs/CSPs’ costs for retaining and storing ICR data is “indicative” — adding: “We are obviously still in discussion with individual CSPs about the ways in which these capabilities would be provided.”

The committee noted it had previously heard from multiple CSPs expressing doubts that the £247 million figure would cover the costs of implementing ICRs across multiple providers. And the Home Secretary was challenged on whether there would be “sufficient resource” to meet the requirements the bill proposes to place on CSPs.

She agreed to provide the committee with “further indications” of technical feasibility and costs. “We do provide reasonable cost recovery,” she added. “That’s been a long-standing policy of the U.K. government where we are requiring these companies to do things in order to have this sort of access.”

She also agreed to provide the committee with additional operational examples of why ICRs are necessary as an investigatory power.

On the point about the usefulness of ICR data itself, May was asked to respond to other evidence heard by the committee that, for example, smartphones being constantly connected to the Internet will mean that collecting a list of connected services would offer only a very muddy intelligence signal.

Do you see a danger that you’ll just collect a vast amount of data of limited utility in the end, she was asked? May said the government’s aim is to have “a more targeted approach” to handle “this issue of volume of data”, going on to argue that recording individual connections/sessions will not generate an unmanageable volume of data.

“I don’t think there’s going to be that volume of data in the much more targeted approach we will take,” said May, contrasting the IP bill ICR proposals with a prior attempt, in Denmark, to mandate telcos store data on users.

“We will have a more targeted approach. Which I think we believe will reduce that overall volume of data recorded and reduce the risk that connections are missed,” she said, adding: “I’m reliably informed that the Danish implementation was based around sampling every 500th packet, rather than recording individual Internet connections or sessions. Which is what we propose to do.”

On the issue of how the government would enforce requirements set out in the IP bill on overseas communications providers May said it is an issue the Home Office is looking at.

“There are certain aspects of this legislation where we are looking at extraterritoriality. But there are requirements that we will be issuing — obviously there will be data retention notices that will be issued to communications service providers in relation to requirement for them to hold data in a way that enables that to be accessible.”

“We do repeat the position that we put into DRIPA that has always been asserted by all governments in relation to the ability to exercise a warrant against a company that is offering services in the U.K. and abiding by the law of the U.K.,” she added later.

Judicial oversight as privacy safeguard

On the overarching point about the risks to individuals’ privacy by sledgehammer measures that propose to monitor U.K. citizens in bulk, May say the safeguard against this is the double-lock mechanism that involves both judicial and minister review of warrants.

“The double lock authorization is there where there are processes which are intrusive into an individual,” she argued.

On the judicial component of the double-lock May was asked by the committee whether these judicial powers will be just narrow “process checks” or also allow for judges to also assess the necessity and proportionality of warrants. She said there will be scope for judges to scrutinize the merits of a warrant — not just do a process check — but said it will be open to judges to choose which type of approach they take on a case-by-case basis.

“One of the advantages that one has with judicial review principles is that it gives the judicial commissioners a degree of flexibility as to how they approach particular cases, depending on the impact on the individual of what it is is that they’re looking at. And so they will be able to make an assessment and a judgement as to how they wish to approach the evidence that is before them,” she said.

“The Secretary of State looks at necessity and proportionality of the warrantry. So it will be open to the senior high court judge to look at necessity and proportionality but they will be able, under the judicial review provisions, to have the flexibility to determine the way in which they look at that decision.”

“It will be up to the judge… to determine how they approach any particular issue,” she added. “There may well be circumstances in which they might apply a lighter touch approach to reviewing a Secretary of State’s decision. And others in which they will in fact look more at necessity and proportionality.

“The whole point of the double-lock authorization is that both parties have to agree to the warrant being applied. And if the judicial commissioner decides that the warrant should not be applied — having looked at it, and applied the tests that they need to apply — then obviously it can’t be operated.”

Bulk powers

May was also probed on the bulk powers provisions in the bill, and challenged to respond to criticism that security analysts are in fact ‘drowning in too much data’ because of such mass harvesting processes — and that bulk collection is therefore counterproductive when it comes to helping national security.

She stridently rebutted the view that measures in the bill constitute mass surveillance — asserting: “We do not collect all the data, all of the time” — before going on to argue that “bulk collection” is necessary to ensure there is a “haystack” of data available to be filtered for intelligence in the first place.

“There are a variety of ways in which of course the agencies are careful and do look to target how they deal with data. But if the suggestion is that you cannot collect any bulk data whatsoever, or have access to any bulk datasets whatsoever, then you’re going to miss the opportunity,” she said.

“It would be wrong to give the impression that we are collecting all of the data all of the time… But bulk capabilities are important because you do need — if you’re going to be able to investigate a target — you need to be able to acquire the communications in the first place and when the target is overseas bulk interception obviously is one of the key means, and indeed it may be the only means, by which it’s possible to obtain communications.”

“It isn’t the case that it is always used in an untargeted way,” she added. “Of course when we look, when particular incidents have taken place, we look at the systems that are in place to ensure that we can make the way we operate as effective as possible. Because there’s a very fundamental reason to be able to have access to this information, to be able to deal with this information; it is about keeping people safe and secure.”

May was also pressed on when operational cases will be published for the various bulk powers set out in the bill — such as bulk equipment interference powers (aka mass hacking capabilities) — with the committee noting prior warnings by QC David Anderson, who conducted the government’s independent review of terrorism legislation last summer, that there’s a risk of the legislation being unpicked at the European level without robust justification being made for such capabilities.

On this point the Home Secretary agreed to write to the committee with further explanation of why the bulk powers are necessary.

She was also probed on whether the bill afforded agencies with the ability to apply for so-called thematic warrants — potentially covering “a very large number of people and therefore cannot be classed as targeted”. “The answer is no,” she said. “It will not be possible to use a thematic warrant against a very large group of people.”

“The purpose of the thematic warrant is for example circumstances in which perhaps there’s a kidnap, there’s perhaps a threat to life, and there’s only certain information available and it’s necessary because of the pace at which something is developing to be able to identify the group of people who are involved with that particular criminal activity as being within the thematic warrant,” she added.

Overseas data-sharing

May was also asked about concerns that security agencies might workaround the legal framework set out in the IP bill by obtaining information from other countries, or vice versa, with one committee member noting “there isn’t very much in the bill about these issues” — and suggesting it could prove a sizable loophole for what is supposed to be a transparent legal framework for the operation of secretive state surveillance powers.

“We do look at the handling arrangements that are in place when we are sharing material with overseas partners. It’s clause 41 of the draft bill that sets out that before intercept material is shared with an overseas authority the issuing authority sharing the material must be satisfied that they’ve got appropriate handling arrangements in place to protect the material. Equivalent to those that apply under clause 40,” said May.

“There will be codes of practice [in the case of U.K. agencies receiving data shared by overseas countries],” she added. “We’ve been very clear that in terms of ensuring that where information is obtained it is done so against an appropriate legal framework. And that there are provisions in place that ensure that the agencies operate and only obtain information where it is lawful for them to do so.”

The questioner followed up by asking where do we find that legal framework — wondering whether it is down to a series of international treaties, some of which may not be in the public domain? May did not give a clear answer on this, saying only: “There are various aspects to the legal framework against which the agencies operate,” before suggesting she could again write to the committee to provide more information on this point.

The evidence session was the last one the committee will hear. It will now begin compiling its recommendations — with a report due to be published by mid February.


Bron: techcrunch.com

twitter:

Snowden twitterde op dinsdag 19-01-2016 om 12:34:46 Huge: Appeals Court rejects UK's effort to criminalize an act of journalism as "terrorism." https://t.co/E1kJh8n9Gu https://t.co/RE1OBIGPey reageer retweet

quote:

The Guardian view on the David Miranda verdict: a counterpunch for freedom | Editorial | Opinion | The Guardian

The court of appeal’s ruling in the case of David Miranda’s 2013 detention at Heathrow is indisputably an advance for press freedom. It establishes with very great care, balancing the needs of security and the rights of journalists, that existing police anti-terror powers to stop and question travellers in and out of this country are incompatible with freedom of expression protections under the European convention on human rights.

That judgment should be strongly welcomed by all news organisations and journalists, since the media’s ability to protect confidential sources was otherwise wide open to real abuse, as the Miranda case proved. The government, which has behaved as though no such need for balance exists, is now under an obligation to respond with changes to the law. It should make clear in parliament that it will do this soon.

The ruling does not protect Mr Miranda, who was stopped when carrying material from the Edward Snowden revelations. But it re-establishes the principle, which the Guardian always pressed in the Snowden case, that Mr Miranda should have had the protection of a public interest defence against his detention. The stop powers in schedule 7 of the Terrorism Act 2000 are very sweeping. In some years, as many as 85,000 people have been stopped, overwhelmingly Muslims. Tuesday’s victory is important for journalism, but the stop powers need to be well scrutinised in other respects too.

Bron: www.theguardian.com

quote:

Journalism is not terrorism. Criticism of the government is not violence

quote:

As Greenwald has already said, the court ruling is “an enormous victory, first and foremost for press freedoms, because what the court ruled is that the UK parliament can’t purport to allow its police to seize whatever they want to take from journalists by pretending it’s a terrorism investigation”.

David Miranda ruling throws new light on schedule 7 powers

He’s exactly right: journalists, or anyone working on behalf of newspapers for that matter, should not be worried about being detained, interrogated and having their source material confiscated for doing their job in a democracy.

But even more disturbing than the UK government’s willingness to detain a journalist in violation of his human rights is what they attempted to claim after Miranda’s detention to justify their actions. In arguing that they had every right to detain Miranda under the Terrorism Act in 2013, the government put forth a the radical and expansive definition of terrorism. Here is the government’s exact words from a court filing they made in November 2013:

. Additionally the disclosure [of NSA/GCHQ documents], or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism...

Think about the implications of that for a minute: terrorism was defined as publishing information designed to influence the government. That definition includes no mention of violence or even a threat of violence, which David Miranda never came anywhere near doing.

In other words, any opinion or action the government does not like could potentially have been decreed as “terrorism” under their warped definition.

quote:

For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher • The Register

The UK government's official voice encryption protocol, around which it is hoping to build an ecosystem of products, has a massive backdoor that would enable the security services to intercept and listen to all past and present calls, a researcher has discovered.

Dr Steven Murdoch of University College London has posted an extensive blog post digging into the MIKEY-SAKKE spec in which he concludes that it has been specifically designed to "allow undetectable and unauditable mass surveillance."

He notes that in the "vast majority of cases" the protocol would be "actively harmful for security."

Murdoch uses the EFF's scorecard as a way of measuring the security of MIKEY-SAKKE, and concludes that it only manages to meet one of the four key elements for protocol design, namely that it provides end-to-end encryption.

However, due to the way that the system creates and shares encryption keys, the design would enable a telecom provider to insert themselves as a man-in-the-middle without users at either end being aware. The system would also allow a third party to unencrypt past and future conversations. And it does not allow for people to be anonymous or to verify the identity of the person they are talking to.

In other words, it would be the perfect model for the security services, who can apply pressure to a telecom company and then carry out complete surveillance on an unidentified individual.

While it is surprising that the official UK government system would have such a significant backdoor, it is perhaps less surprising when you consider who developed the spec: the information security arm of the UK listening post GCHQ, the Communications-Electronics Security Group (CESG).

The CESG – and the UK's civil service – started pushing the approach late last year and has incorporated it into a product spec called Secure Chorus. It has also set itself up as an evaluator of other products and is trying to market its approach commercially by pushing it as "government-grade security." One example of a product already going through this evaluation is Cryptify Call, available for iOS and Android.

Guess which one was developed by the UK security services

There is increasing demand for voicecall encryption. Unlike instant messaging, which effectively allowed companies to start from scratch and so has resulted in a number of highly secure products, phonecalls run over older infrastructure and almost always pass through telecom companies, usually in an unencrypted form (although the information may be encrypted while in transit).

MIKEY-SAKKE is unusual in that unlike most secure messaging and phone systems, it makes no effort at all to protect the identity of the people communicating with one another, providing easy-to-access maps of metadata.

That metadata can be used to specifically identify individuals and then, using the backdoor, access all their calls past and present. In other words, it is the perfect spying system.

Murdoch highlights in his post a number of occasions in which the UK security services have successfully compromised mobile phone networks – instances that were revealed by Edward Snowden – and notes that this is likely only the tip of the iceberg.

He also notes that GCHQ tried 20 years ago to introduce a similar protocol but that a "notable difference" exists between that effort and this MIKEY-SAKKE approach: "While the GCHQ protocol was explicitly stated to support key escrow to facilitate law enforcement and intelligence agency access, this controversial aspect has not been included in the description of MIKEY-SAKKE and instead the efficiency over EDH is emphasised."

Or in other words, the UK government doesn't want you to know that it can spy on everything you say.

Murdoch notes that things don't have to be this way – there are other products and protocols that provide a much higher level of security. Some, for example, protect past messages from being unencrypted, so even if someone does gain access to your encryption keys, they are limited to current calls. Others make it much harder for telcos to access unencrypted data as it flows through their system.

The hardest aspect, however, is ensuring that when initial contact is made with someone in order to exchange key encryption information, there isn't a person in the middle. One system to do this is to have people physically read out two words that appear on a device and have the other person hear and verify them before starting an encrypted conversation. However, Murdoch notes that even this approach is not foolproof; an attacker could simply impersonate the other caller.

In short then, unless you want to give telcos and government agencies unrestricted access to your phonecalls, it's best not to buy into the MIKEY-SAKKE

Bron: www.theregister.co.uk

quote:

Edward Snowden Questions PGP Encryption Code Shown In Latest ISIS Propaganda Video

The IBT Pulse Newsletter keeps you connected to the biggest stories unfolding in the global economy.

Maybe ISIS isn’t so good at encryption after all. Edward Snowden says that code the Islamic State terrorist group disseminated in a video to show it used an encryption app to carry out the horrific Paris terrorist attacks is little more than a publicity stunt.

Snowden, the former U.S. National Security Agency contractor who revealed classified surveillance programs to the press in 2013, tweeted screenshots of the ISIS propaganda video Sunday evening, hours after the extremist group released it. The video includes beheadings and footage of the ISIS gunmen who killed more than 100 people in Paris in November. But Snowden, an outspoken encryption advocate, said the code has too few letters to be a true example of PGP encryption, which ISIS claims to use.

He said the encryption key identification code, 1548OH76, would be rendered invalid by the H and O characters. Snowden also pointed to the timestamp, which showed the messages were decrypted three days after the attack (that could also mean the message is valid, albeit opened after the attack).



PGP (an acronym for Pretty Good Privacy) encryption is a popular method of encoding messages, and is often used to authenticate private texts, email messages and other communication. Snowden famously used PGP to contact journalists Glenn Greenwald, Laura Poitras and others in order to set up a meeting, where he passed them classified NSA documents.

The ISIS video, and Snowden’s reaction to it, come at a time when lawmakers throughout the U.S. and U.K. are pushing for legislation that would prohibit, or limit, encrypted messaging services.

Bron: www.ibtimes.com

quote:

Upon Petraeus’ Request, Prosecutors Removed Embarrassing Reference To Kiriakou Case From Plea Deal

quote:

When former CIA director David Petraeus requested prosecutors remove reference to a leak case against former CIA officer John Kiriakou from his plea deal, prosecutors astoundingly followed his wishes.

“Oaths do matter, and there are indeed consequences for those who believe they are above the laws that protect our fellow officers and enable American intelligence agencies to operate with the requisite degree of secrecy,” Petraeus declared in a statement to the CIA workforce after Kiriakou pled guilty to violating the Intelligence Identities Protection Act (IIPA) in 2013.

This statement shows Petraeus understood the law when he improperly handled and disclosed classified information, including “Black Books” containing the identities of covert officers, war strategy, intelligence capabilities and notes from his discussions with President Barack Obama. He still provided his biographer, Paula Broadwell, access to these books after she asked to use them as source material.

But, according to the Washington Post, in February 2015, Petraeus’ lawyers requested the statement Petraeus made about Kiriakou’s case not appear in the statement of facts in the plea deal.

“In the statement of facts that would accompany the plea agreement, prosecutors also said they would want to reference a Petraeus message sent to the CIA workforce in 2012 after John Kiriakou, a former agency officer, was convicted of leaking classified information,” the Post reported. A person involved with discussions about the plea deal told the Post the Kiriakou reference was “off the table.”

The issue over the embarrassing Kiriakou reference came up during a meeting with James Melendres, a prosecutor with the Justice Department’s National Security Division. He proposed a deal. Petraeus would plead guilty to lying to FBI agents and mishandling classified information. Petraeus’ lawyer objected to the lying charge and that became a “non-starter.”

The plea deal Petraeus agreed to in March 2015 involved only one charge—the unauthorized removal and retention of classified material. He received a sentence of probation for two years and a $40,000 fine.

“It’s weird on many levels that [prosecutors are] realizing the hypocrisy by admitting they’re going to keep something out of a statement of facts wherein Petraeus acknowledges he realizes leaking classified information is a crime,” Jesselyn Radack, a national security & human rights lawyer for Expose Facts who has represented numerous whistleblower clients, including Kiriakou. “It’s pretty striking that they would deliberately omit that because it makes Petraeus look bad and looks embarrassing.”

The Post report also shows how willing prosecutors were to acquiesce to the demands of Petraeus to remain out of prison and not be charged with any felony that would result in the loss of a pension.

quote:

EFF wants the NSA to destroy 14 years worth' of phone records

When the USA Freedom Act passed last June, it put an end to the country’s National Security Agency’s (NSA) mass surveillance program in which it collected millions of phone records of citizens’ calls over 14 years.

But the Electronic Frontier Foundation (EFF) believes that isn’t enough to protect people’s privacy, because those records still exist in various NSA databases. The non-profit is calling on a secret court to consider ways to delete this trove of data without destroying evidence that proves the NSA snooped on citizens.

EFF says that, “Even after the President, other members of the executive branch, Congress, the press, and the public fully and freely discussed the fact that the government was gathering the records of millions of Americans,” the government claims that no one other than a clutch of Verizon Business customers have sufficient proof to show that their phone records were actually collected.

As such, the government says that it can’t be sued by bodies like the EFF. The organization is currently involved in two pending cases seeking a remedy for the past 14 years of illegal phone record collection.

EFF wrote a letter (PDF) to the secret Foreign Intelligence Surveillance Act (FISA) court last December which it has now made public, explaining that it is ready to discuss options that will allow destruction of the records in ways that still preserve its ability to prosecute the cases.

It’ll be interesting to see how this pans out: if the government doesn’t agree to a discussion about how to handle these phone records, it’s possible that they will remain on file for years to come. Plus, it could allow the NSA to avoid being held accountable for its illegal mass surveillance.

At a time when people across the world are fighting to secure their rights to privacy in the future, it’s also important to ensure that our past is confidential too.

Bron: thenextweb.com

quote:

Canada's electronic spy agency stops sharing some metadata with partners - Politics - CBC News

The Communications Security Establishment, Canada's electronic spy agency, has stopped sharing certain metadata with international partners after discovering it had not been sufficiently protecting that information before passing it on.

Defence Minister Harjit Sajjan says the sharing won't resume until he is satisfied that the proper protections are in place. Metadata is information that describes other data, such as an email address or telephone number, but not the content of a given email or recording of a phone call.

The issue is disclosed in the annual report of CSE commissioner Jean Pierre Plouffe, which was tabled in the House of Commons Thursday morning.

"While I was conducting this current comprehensive review, CSE discovered on its own that certain metadata was not being minimized properly," Plouffe explained in the report.

"Minimization is the process by which Canadian identity information contained in metadata is rendered unidentifiable prior to being shared …."

"The fact that CSE did not properly minimize Canadian identity information contained in certain metadata prior to being shared was contrary to the ministerial directive, and to CSE's operational policy."

Canada's Five Eyes partners, with which data is sometimes shared, are the United States, Australia, New Zealand and the United Kingdom.

The report also noted that "the metadata ministerial directive lacks clarity regarding the sharing of certain types of metadata with Five Eyes partners, as well as other aspects of CSE's metadata activities."

Plouffe goes on to say that the ministerial directive is unclear about key aspects of how CSE collects,uses and discloses metadata, and does not provide clear guidance for how CSE's metadata activities are undertaken, recommending the agency ask for a new directive to provide better guidance.

In a statement, Sajjan says the "metadata in question … did not contain names or enough information on its own to identify individuals" and that "taken together with CSE's suite of privacy protection measures, the privacy impact was low."

He added: "I am reassured that the commissioner's findings confirm the metadata errors that CSE identified were unintentional, and am satisfied with CSE's proactive measures, including suspending the sharing of this information with its partners and informing the Minister of Defence."

Sajjan said CSE won't resume sharing this information with Canada's partners until he is fully satisfied the effective systems and measures are in place."

Speaking to reporters on Parliament Hill, Sajjan did not specify what sort of metadata had been shared and said officials could not review the data to determine how many people might have been impacted without violating privacy laws.

Appearing alongside Sajjan, Public Safety Minister Ralph Goodale noted that the federal government is in the process of reviewing its security intelligence operations and is committed to introducing new parliamentary oversight of intelligence agencies.

Bron: www.cbc.ca

quote:

GCHQ whistleblower movie Official Secrets recruits Harrison Ford and Anthony Hopkins | Film | The Guardian


How the Observer broke the story of NSA ‘dirty tricks’ at the UN in the runup to the Iraq war in 2003 will star Natalie Dormer as news source Katharine Gun

Harrison Ford and Anthony Hopkins have joined the cast of Official Secrets, the long-mooted film about the Observer’s reporting of the GCHQ bugging scandal in 2003, it has been announced.

In the latest film to cover the activities of whistleblowers and the journalists who report their revelations, Official Secrets will tell the story of Katharine Gun, an officer at the Cheltenham-based government eavesdropping agency. She leaked an email that contained a request by America’s NSA to illegally bug the United Nations offices of six key countries in the run-up to the UN’s vote on whether to authorise the Iraq war.

Gun’s revelations were reported in the Observer (the Guardian’s sister Sunday newspaper) by journalists Martin Bright and Ed Vulliamy, and Gun was arrested and charged with breaking the Official Secrets Act. However, her case was dropped in 2004 after no evidence was offered by the prosecution.

According to the Hollywood Reporter, Hopkins will play a retired general and Ford a veteran CIA agent. The have been cast alongside The Hunger Games’s Natalie Dormer, who will play Gun, and Paul Bettany as Bright. Martin Freeman plays the Observer’s foreign affairs editor – whose character name, Peter Edwards, appears to be a composite of Vulliamy and real-life editor Peter Beaumont, who is now the Guardian’s Jerusalem correspondent.

Official Secrets will be directed by Mandela: Long Walk to Freedom’s Justin Chadwick, and shooting is due to start in May.

Bron: www.theguardian.com

quote:

CIA planned rendition operation to kidnap Edward Snowden

The US Central Intelligence Agency (CIA) prepared to kidnap Edward Snowden, the whistleblower who exposed illegal and unconstitutional mass spying by the National Security Agency (NSA), documents obtained by the Danish media outlet Denfri show.

US intelligence maintained an aircraft and paramilitary team on standby in Copenhagen, awaiting orders to seize Snowden in the event that he crossed into a number of European countries, the documents show. They were obtained by Denfri through a Freedom of Information Act suit in August 2015.

The existence of the CIA plane was first reported in 2014 by The Register, which identified the aircraft as a Gulfstream V, registered under the number N977GA. The plane had previously been used to transport CIA captives to the agency’s “black site” torture centers across Europe, which were built up as part of an expanding global network of secret CIA prisons since 9/11.

The latest documents appear to have decisively corroborated this account, showing that Danish police and government officers approved the positioning of the CIA plane in Copenhagen for unspecified “state purposes.” In one of the leaked government letters, US Federal Bureau of Investigation representatives also sought cooperation from the Norwegian government, demanding that they immediately notify US agencies in the event that Snowden travelled to Norway, Finland, Sweden or Denmark.

The Danish decision to host the plane was part of broader cooperation by Copenhagen with Washington’s extra-legal kidnapping and rendition network. The Danish state has sought to preserve total secrecy in relation to the stationing of the CIA plane on its soil.

“Denmark’s relationship with the USA would be damaged if the information [content redacted from the documents] becomes public knowledge,” Denmark’s interior ministry told Denfri.

The confirmation that Washington planned for a direct raid to seize Snowden and forcibly return him to US custody does not come as a surprise.

Snowden has become a public enemy of the first order in the eyes of the US ruling class since he began releasing troves of data on spy programs run by the NSA and other US government agencies in the summer of 2013. According to May 2014 comments from then-NSA Director Keith Alexander, Snowden downloaded more than 1 million secret US government documents.

For the “crime” of exposing the vast and criminal surveillance enterprises run the by US government, Snowden has been subjected to innumerable death threats and slanders by the American media and political establishment.

Snowden embodies a new generation of educated and technologically-trained workers and youth who are increasingly hostile to the existing social order. That is why he has been hounded and turned away by governments around the world, and now lives in de facto exile in Moscow, where he received a temporary visa only after being forced to live for weeks in Moscow’s international air terminal, after the US cancellation of his passport frustrated his effort to travel to Ecuador, where he was seeking asylum.

There is now firm evidence that the US ruling elite sought to make good on its threats against Snowden, in the form of a snatch-and-grab operation, likely aimed at transferring the whistleblower to a covert torture base somewhere in Europe.

Bron: www.wsws.org

quote:

Investigatory powers bill: snooper's charter lacks clarity, MPs warn | Law | The Guardian

Highly critical report says proposed legislation must be reviewed to ensure obligations on tech industry are clear

The government’s investigatory powers bill lacks clarity and is sowing confusion among tech firms about the extent to which “internet connection records” will be collected, a parliamentary select committee has warned.

The highly critical report by the House of Commons science and technology committee says there are widespread doubts about key definitions in the legislation, “not to mention the definability, of a number of the terms”.

The admission that many MPs and technology experts are baffled will reinforce political concerns that such a complex bill is being pushed through parliament at speed. Other select committees are meanwhile preparing assessments of different aspects of the bill.

Related: Investigatory powers bill: the key points

Launching the report, the Conservative MP Nicola Blackwood, who is chair of the committee, said: “It is vital we get the balance right between protecting our security and the health of our economy. We need our security services to be able to do their job and prevent terrorism, but as legislators we need to be careful not to inadvertently disadvantage the UK’s rapidly growing tech sector.

“The current lack of clarity within the draft investigatory powers bill is causing concern amongst businesses... The government must urgently review the legislation so that the obligations on the industry are clear and proportionate.

“There remain questions about the feasibility of collecting and storing internet connection records (ICRs), including concerns about ensuring security for the records from hackers. The bill was intended to provide clarity to the industry, but the current draft contains very broad and ambiguous definitions of ICRs, which are confusing communications providers. This must be put right for the bill to achieve its stated security goals.”

The collection of ICRs is to allow law enforcement agencies to identify the communications service to which a device has connected. The report calls on the government to ensure that obligations it is imposing on industry are both clear and proportionate.

The committee accepts the principle that intelligence and security agencies should “in tightly prescribed circumstances be able to seek to obtain unencrypted data from communications service providers”.

The report says: “However, there is confusion about how the draft bill would affect end-to-end encrypted communications, where decryption might not be possible by a communications provider that had not added the original encryption.

“The government should clarify and state clearly in the codes of practice (which will be published alongside the bill itself) that it will not be seeking unencrypted content in such cases, in line with the way existing legislation is currently applied.”

Commenting on encryption, Blackwood said: “Encryption is important in providing the secure services on the internet we all rely on, from credit card transactions and commerce to legal or medical communications.

“It is essential that the integrity and security of legitimate online transactions is maintained if we are to trust in, and benefit from, the opportunities of an increasingly digital economy. The government needs to do more to allay unfounded concerns that encryption will no longer be possible.”

Related: Privacy watchdog attacks snooper's charter over encryption

The MPs said the evidence they received suggested there were still many unanswered questions about how this legislation would work “in the fast moving world” of technological innovation. “There are good grounds to believe that without further refinement, there could be many unintended consequences for commerce arising from the current lack of clarity of the terms and scope of the legislation,” they added.

Antony Walker, deputy CEO of techUK, which represents the technology industry, said: “There are several important recommendations in this report that we urge the Home Office to take on board. In particular we need more clarity on fundamental issues, such as core definitions, encryption and equipment interference.

“These are all issues that we highlighted to the committee and can be addressed both in the bill and in the codes of practice which we believe must be published alongside the bill, and regularly updated, as recommended by the committee. Without that additional detail, too much of the bill will be open to interpretation, which undermines trust in both the legislation and the reputation of companies that have to comply with it.

“The draft bill presents an opportunity for the UK government to develop a world-leading legal framework that balances the security needs with democratic values and protects the health of our growing digital economy. But we have to get the details right.”

Bron: www.theguardian.com

quote:

The British want to come to America — with wiretap orders and search warrants

quote:

If U.S. and British negotiators have their way, MI5, the British domestic security service, could one day go directly to American companies such as Facebook or Google with a wiretap order for the online chats of British suspects in a counter­terrorism investigation.

The transatlantic allies have quietly begun negotiations this month on an agreement that would enable the British government to serve wiretap orders directly on U.S. communication firms for live intercepts in criminal and national security investigations involving its own citizens. Britain would also be able to serve orders to obtain stored data, such as emails.

The previously undisclosed talks are driven by what the two sides and tech firms say is an untenable situation in which foreign governments such as Britain cannot quickly obtain data for domestic probes because it happens to be held by companies in the United States. The issue highlights how digital data increasingly ignores national borders, creating vexing challenges for national security and public safety, and new concerns about privacy.