Monitoring NSA in de VS en erbuiten, deel 10

quote:

Do NSA's Bulk Surveillance Programs Stop Terrorists?

quote:

On June 5, 2013, the Guardian broke the first story in what would become a flood of revelations regarding the extent and nature of the NSA’s surveillance programs. Facing an uproar over the threat such programs posed to privacy, the Obama administration scrambled to defend them as legal and essential to U.S. national security and counterterrorism. Two weeks after the first leaks by former NSA contractor Edward Snowden were published, President Obama defended the NSA surveillance programs during a visit to Berlin, saying: “We know of at least 50 threats that have been averted because of this information not just in the United States, but, in some cases, threats here in Germany. So lives have been saved.” Gen. Keith Alexander, the director of the NSA, testified before Congress that: “the information gathered from these programs provided the U.S. government with critical leads to help prevent over 50 potential terrorist events in more than 20 countries around the world.” Rep. Mike Rogers (R-Mich.), chairman of the House Permanent Select Committee on Intelligence, said on the House floor in July that “54 times [the NSA programs] stopped and thwarted terrorist attacks both here and in Europe – saving real lives.”

However, our review of the government’s claims about the role that NSA “bulk” surveillance of phone and email communications records has had in keeping the United States safe from terrorism shows that these claims are overblown and even misleading. An in-depth analysis of 225 individuals recruited by al-Qaeda or a like-minded group or inspired by al-Qaeda’s ideology, and charged in the United States with an act of terrorism since 9/11, demonstrates that traditional investigative methods, such as the use of informants, tips from local communities, and targeted intelligence operations, provided the initial impetus for investigations in the majority of cases, while the contribution of NSA’s bulk surveillance programs to these cases was minimal. Indeed, the controversial bulk collection of American telephone metadata, which includes the telephone numbers that originate and receive calls, as well as the time and date of those calls but not their content, under Section 215 of the USA PATRIOT Act, appears to have played an identifiable role in initiating, at most, 1.8 percent of these cases. NSA programs involving the surveillance of non-U.S. persons outside of the United States under Section 702 of the FISA Amendments Act played a role in 4.4 percent of the terrorism cases we examined, and NSA surveillance under an unidentified authority played a role in 1.3 percent of the cases we examined.

quote:

GCHQ accused of 'persistent' illegal hacking at security tribunal | UK news | The Guardian

UK government monitoring station admits hacking devices for the first time during case brought by Privacy International and internet service providers

GCHQ carries out “persistent” illegal hacking of phones, computers and networks worldwide under broad “thematic” warrants that ignore privacy safeguards, a security tribunal has heard.

Microphones and cameras on electronic devices can be remotely activated without owners’ knowledge, photographs and personal documents copied and locations discovered, the Investigatory Powers Tribunal (IPT) has been told.

GCHQ, the government monitoring station in Cheltenham, has for the first time in a court case admitted that it carries out computer network exploitation (CNE) – commonly known as hacking – both in the UK and overseas.

Some CNE operations are said to be “persistent” – where listening programs are left on targeted devices – while others are “non-persistent”, where the monitoring ends with each internet session.

The claim that the government’s hacking activities are disproportionate and illegal has been brought by Privacy International and seven international internet service providers.

The case is being heard at the IPT, which deals with complaints about the intelligence services and surveillance by government organisations. The four-day hearing is at the Rolls Building in central London.

“The [legal] regime governing CNE … remains disproportionate,” Ben Jaffey, counsel for Privacy International, told the tribunal. “Given the high potential level of intrusiveness, including over large numbers of innocent persons, there are inadequate safeguards and limitations.”

Related: GCHQ's spy malware operation faces legal challenge

The case has been brought in the wake of revelations by the American whistleblower Edward Snowden who exposed the extent of surveillance carried out by the US’s National Security Agency and the UK’s GCHQ.

Snowden’s documents referred to GCHQ’s CNE capabilities, the tribunal was told, including “a programme called Nosey Smurf which involved implanting malware to activate the microphone on smartphones; Dreamy Smurf, which had the capability to switch on smartphones; Tracker Smurf, which had the capability to provide the location of a target’s smartphone with high precision; and Paranoid Smurf, which ensured all malware remained hidden”.

One illegal aspect of GCHQ’s hacking, Jaffey said, is making changes to targeted computers, an activity that undermines their later use as evidence. “What parliament did not authorise was CNE that impairs the operation of a computer …” he said.

“If state authorities are permitted to alter or impair the operation of a computer, the reliability and admissibility of such evidence will be called into question, as will the need to disclose a past CNE operation to the defence.”

In 2013, the tribunal was told, 20% of GCHQ’s intelligence reports contained information derived from hacking.

The reliance of the intelligence services on what are termed “thematic” warrants – that do not name individuals or addresses but rely on generalised categories of people or places – are an “exorbitant” extension of normal powers, Jaffey told the tribunal.

Under section five of the Intelligence Services Act, he said, proper safeguards are being bypassed so that groups as widely defined, for example, as “all mobile telephones” in Birmingham could be targeted.

Some of the intelligence oversight commissioners, such as Sir Mark Waller, had recently warned in their reports that the security agencies’ interpretation of thematic warrants were “very arguable”, Jaffey pointed out.

Related: Snowden surveillance revelations drive UK and US policy in opposite directions

Newly released documents from the long-running case include a warning from Ross Anderson, professor of security engineering at Cambridge University, that “it is only a matter of time before CNE causes fatal accidents”.

Citing denial of service attacks by online protesters in Oregon, USA, who hijacked hospital servers, installed malware and interfered with medical equipment, Anderson said: “Computers are becoming embedded in ever more devices, on which human societies depend ever more in ways that are complex and ever harder to predict.”

In a written response, Ciaran Martin, director of cyber security at GCHQ, said: “[We] never carry out reckless and irresponsible CNE operations ... GCHQ’s processes for CNE include an expert risk assessment panel.”

The documents include a “gist” – or summary – of internal GCHQ advice to staff about the legality of hacking. They explain that: “The [Intelligence Services Act] warrant and authorisations scheme is a mechanism for removing liability that would otherwise attach to interference with property such as computers, phones and routers. This interference would otherwise be a criminal offence under the Computer Misuse Act.”

Another GCHQ instruction states: “CNE involves gaining remote access to computers and networks and possibly modifying their software without the knowledge or consent of the owners and users with the aim of obtaining intelligence ... CNE operations carry political risk. These risks are assessed by the relevant team – consult them at an early stage if you’re considering a CNE operation”

Lawyers for GCHQ argue that its CNE activities are “proportionate”. They dismissed Privacy International’s claims as “extreme allegations” that do not accurately describe the reality of GCHQ’s operations.

“Over the last year the threat to the UK from international terrorism has continued to increase,” James Eadie QC, for GCHQ, told the tribunal in written submissions. “GCHQ and other intelligence agencies must develop innovative and agile technical capabilities to meet these serious national security challenges. Computer network exploitation is one such capability … CNE may, in some cases, be the only way to acquire intelligence coverage of a terrorist suspect or serious criminal in a foreign country.”

The legal regime governing its deployment provides “stringent safeguards” for CNE activities, Eadie added. “It is denied that GCHQ is engaged in any unlawful and indiscriminate mass surveillance activities.”

Commenting on the hearing, Caroline Wilson Palow, general counsel at Privacy International, said: “The light-touch authorisation and oversight regime that GCHQ has been enjoying should never have been permitted. Perhaps it wouldn’t have been if parliament had been notified in the first place that GCHQ was hacking. We hope the tribunal will stand up for our rights and reign in GCHQ’s unlawful spying.”

The seven internet service providers involved in the case are: GreenNet, Riseup Networks, Mango Email Service, Jinbonet from Korea, Greenhost, Media Jumpstart, and Chaos Computer Club.

Some sessions of the IPT are closed and held in secret. The case continues.

Bron: www.theguardian.com

quote:

Privacyorganisaties: Facebook moet stoppen met datadoorgifte naar VS

quote:

De organisaties geven Facebook en zijn dochterbedrijven tot en met vrijdag 15 januari om zijn beleid duidelijk te maken over het stoppen met de doorgifte van persoonsgegevens van Europese gebruikers naar de VS. Als Facebook geen afdoende reactie geeft, kunnen gerechtelijke stappen volgen, dreigen de organisaties. Het gaat om Privacy First, Bits of Freedom, het Public Interest Litigation Project en Platform Bescherming Burgerrechten. Daarnaast onderschrijven enkele individuele Facebook-gebruikers de sommatie.

quote:

Datadrift: leest de overheid straks mee met jouw appjes?

quote:

Na de aanslagen in Parijs is de discussie over afluisteren, aftappen en privacy weer opgelaaid. Volgens de overheid kunnen WhatsAppjes, e-mails en locatiegegevens puzzelstukjes zijn die een volgende aanslag voorkomen en criminelen dwarsbomen.

Vandaag werd een nieuwe wet ingediend, waarmee de politie ruimere bevoegdheden krijgt om verdachten van misdrijven te hacken. Het kabinet werkt ook nog aan twee andere wetten die het mogelijk maken meer informatie te verzamelen.

Dat maakt de kans groter dat de overheid je privégegevens in handen krijgt. Welke gevolgen heeft dat voor jou? Deze interactieve special vertelt je in vijf hoofdstukken hoe en waar de nieuwe regelgeving jou kan raken.

quote:

ODNI admits spy chief’s phone was hit by hackers

quote:

Director of National Intelligence James Clapper’s office has confirmed that phone calls intended for the director were being re-routed to a pro-Palestinian hotline after a hacker claimed to have gained access to the spy chief’s personal Verizon account.

Brian Hale, a spokesperson for Mr. Clapper’s office, told Motherboard Tuesday that authorities had been notified of an apparent social engineering prank that had compromised Mr. Clapper’s home and mobile phone lines.

A hacker calling himself “Cracka” told Motherboard this week that he had broken into several of the intelligence director’s personal accounts, including a Verizon FiOS profile, and changed the settings so that calls placed to Mr. Clapper’s home were being automatically forwarded to a phone number registered to the Free Palestine Movement.

The hacker claiming responsibility told Motherboard that he did not want to be identified, but the website said he was among the individuals involved in a series of similar cyber-pranks waged late last year by a previously unknown hacking collective, Crackas With Attitude, against targets including CIA Director John Brennan and Homeland Security Secretary Jeh Johnson.

At the time, the collective said the hacks had been done in support of the Palestinian cause, and emails lifted from Mr. Brennan’s personal account were subsequently provided to and published by WikiLeaks.

Calls placed by Motherboard to a phone number for Mr. Clapper on Monday evening were indeed routed to the Free Palestine Movement, and the group’s co-founder, Paul Larudee, told the website that he had been receiving calls intended for the intelligence director for over at hour at that point.

Additionally, Cracka told Motherboard that he has gained access to Mr. Clapper’s email account and a Yahoo account for his wife, Susan, but his claims could not immediately be verified.

“I just wanted the gov to know people aren’t [expletive] around, people know what they’re doing and people don’t agree #FreePalestine,” the hacker told Motherboard.

After the ODNI confirmed the phone line had been hacked, however, questions were quickly raised about the intelligence director’s apparent lapse in operational security.

“If I’m the director of National Intelligence of the United States of America, nobody is going to know where the [expletive] I live, nobody is going to have my [expletive] phone number or address,” Michael Adams, an information security expert previously with the U.S. Special Operations Command, told Motherboard.

quote:

Snooper's charter: cafes and libraries face having to store Wi-Fi users' data | World news | The Guardian

Theresa May gives first hint costs may far exceed £240m estimate as it emerges even small-scale providers could be targeted

Coffee shops running Wi-Fi networks may have to store internet data under new snooping laws, Theresa May has said.

Small-scale networks such as those in cafes, libraries and universities could find themselves targeted under the legislation and forced to hand over customers’ confidential personal data tracking their web use.

Related: Why journalists should challenge the new surveillance powers

The home secretary has also given her first hint that the costs of her snooper’s charter are likely to go far beyond the official £240m estimate. May told peers and MPs that talks were under way with internet and phone companies over costs and their technical capacity to deliver the measures, after being told that Vodafone, O2 and EE had testified that each company could each spend that amount alone in implementing the proposed surveillance law.

During nearly two hours of questioning by the joint parliamentary scrutiny committee on her bill, the home secretary revealed that small-scale internet providers would not be excluded from the requirement to store their customer’s internet records for up to 12 months.

“I do not think it would be right for us to exclude any networks,” she told MPs and peers. “If you look at how people do their business these days, it is on the move.”

May rejected demands from the information commissioner and from the defence and security industries that there should be a “sunset clause” on the legislation ensuring it would be revisited within five to seven years to cope with the rapid pace of technological change. She insisted the bill was “technology neutral” and fit for a rapidly changing technological world.

Related: Mass snooping and more – the measures in Theresa May's bill

The home secretary had no answer when questioned by MPs and peers as to how she would enforce legal notices requiring overseas internet and technology companies, such as Apple, Facebook, Twitter and Google, to store their customers’ communications data records for 12 months and to hand them over to British police and security agencies on request. May said they were still examining issues of “extra-territoriality”.

She did, however, attempt to reassure the scrutiny committee that judicial commissioners, to be appointed to operate a “double-lock” authorisation process on intercept and bulk interception warrants, would have sufficient flexibility to examine decisions taken by cabinet ministers to order intrusive snooping operations.

The scrutiny committee has had only two and a half months to examine the 300-page bill which is being introduced in the wake of disclosures by the whistleblower Edward Snowden, uncovering mass surveillance and bulk collection programmes operated by Britain’s GCHQ and the National Security Agency in the US. The committee is to produce its pre-legislative scrutiny report by 9 February before the bill is given a Commons second reading.

The issue of the costs faced by the internet and phone companies in complying with the bill’s requirements to collect, store and retain for 12 months all their customers’ communications data tracking their individual use of the web, email and mobile phones could prove a serious difficulty for the Home Office.

Related: The Guardian view on surveillance: citizens must be the state’s master. Not its plaything | Editorial

The Labour MP David Hanson raised the issue with May, saying that Vodafone, EE, O2 and Three had testified in evidence that they could each spend £240m alone and were troubled about their current capacity to deliver compliance with the legislation on budget and on time. O2 had said the costs involved will be “huge”, while EE said that if there was any cap or limit on the government reimbursing their costs for storing the data involved, it could make things very difficult.

May made clear that the government had agreed to underwrite the costs involved in the companies’ complying with the bill on a “cost recovery basis”. She said the Home Office was in talks with the companies but insisted that the initial estimate had not been “plucked out of the air”.

She said: “We have provided some indicative figures. We are still in discussion with individual communication service providers about ways in which these capabilities are to be provided. We will have reasonable cost recovery when we require these companies to provide these capabilities.”

May said that she had spoken to the companies about the sums of money involved and the technical feasibility and that they had been responsive.

Bron: www.theguardian.com

quote:

New York Wants to Force Vendors to Decrypt Users’ Phones

A bill that is making its way through the New York state assembly would require that smartphone manufacturers build mechanisms into the devices that would allow the companies to decrypt or unlock them on demand from law enforcement.

The New York bill is the latest entry in a long-running debate between privacy advocates and security experts on one side and law enforcement agencies and many politicians on the other. The revelations of the last few years about widespread government surveillance, especially that involving cell phones and email systems, has spurred device manufacturers to increase the use of encryption. New Apple iPhones now are encrypted by default, as are some Android devices.

The FBI, Justice Department and other agencies have been pushing back against this trend, talking with manufacturers about potential ways around default or user-enabled encryption.

“Encryption threatens to lead us all to a very, very dark place. The place that this is leading us is one that I would suggest we shouldn’t go without careful thought and public debate,” FBI Director James Comey said of the encryption of mobile devices in 2014.

Bron: www.onthewire.io

quote:

No Backdoors But UK Government Still Wants Encryption Decrypted On Request… | TechCrunch

Yesterday the U.K. Home Secretary, Theresa May, spent two hours giving evidence to a joint select committee tasked with scrutinizing proposed new surveillance legislation.

The draft Investigatory Powers Bill, covering the operation of surveillance capabilities deployed by domestic security and law enforcement agencies, is currently before parliament — with the government aiming to legislate by the end of this year.

During the committee session May was asked to clarify the implications of the draft bill’s wording for encryption. Various concerns have been raised about this — not least because it includes a clause that communications providers might be required to “remove electronic protection of data”.

Does this mean the government wants backdoors inserted into services or the handing over of encryption keys, May was asked by the committee. No, she replied: “We are not saying to them that government wants keys to their encryption — no, absolutely not.”

Encryption that can be decrypted on request

However the clarity the committee was seeking on the encryption point failed to materialize, as May reiterated the government’s position that the expectation will be that a lawfully served warrant will result in unencrypted data being handed over by the company served with the warrant.

“Where we are lawfully serving a warrant on a provider so that they are required to provide certain information to the authorities, and that warrant has been gone through the proper authorization process — so it’s entirely lawful — the company should take reasonable steps to ensure that they are able to comply with the warrant that has been served on them. That is the position today and it will be the position tomorrow under the legislation,” said May.

“As a government we believe encryption is important. It is important that data can be kept safe and secure. We are not proposing in this bill to make any changes in relation to the issue of encryption. And the legal position around that. The current legal position in respect of encryption will be repeated in the legislation of the bill. The only difference will be that the current legal position is set out in secondary legislation and it will be, obviously, in the bill,” she added.

Theresa May

May was pressed specifically on the implications of the legislation for end-to-end encryption. Her comments on this point provide little reassurance that the government either appreciates the technical nuance involved (i.e. that properly implemented end-to-end encryption would mean a company is unable to decrypt data itself, and therefore unable to comply with such an expectation), or is not intentionally seeking to undermine — or at very least obfuscate — the legal position around end-to-end encryption.

In the instance where a company that has implemented end-to-end encryption tells the authorities it is unable to provide data, what will the bill’s reference to removing electronic protection mean in practice, May was asked?

“What we are saying to companies… is that when a warrant is lawfully served on them there is an expectation that they will be able to take reasonable steps to ensure that they can comply with that warrant. i.e. that they can provide the information that is being requested under that lawful warrant in a form which is legible for the authorities,” she repeated.

The weight of the bill’s requirement, as it stands, appears to rest on what is meant by the phrase “reasonable steps”. And whether removing end-to-end encryption would be considered a reasonably required step by the law. It’s unclear at this stage what the law will consider reasonable, and the lack of clarity on this point appears intentional — as a way for the government to side-step the issue of end-to-end encryption without explicitly stating whether the technology effectively offers a workaround to the legislation or not.

And indeed, in other answers to the committee, May revealed that other instances of ‘untightened’ language in the bill are intentional — in order for the legislation to provide “flexibility”, as she put it. Such as to allow definitions to be broad enough to accommodate advances in technology, for example.

Clarity vs flexibility

“It’s a balance between trying to ensure that legislation is so drafted that it is clear for people but that it isn’t so drafted that it actually mean that it will only have a very, very limited life — precisely because definitions will move on and there will be developments,” she said.

At another point in the session, the lack of clarity about exactly what bulk datasets are — and the Home Office’s ongoing refusal to provide the committee with a list of these (their public existence was only revealed last March) — is also apparently intentional, with May again using the word flexibility when asked about these.

Here she seemed to mean affording agencies the wiggle-room of operational secrecy necessary not to tip off criminals about the sorts of lists they might be looking at. (Although she gave one example of a bulk dataset being a list of people with firearms licences.)

During the session, she also rejected general criticism that the bill’s language is uncertain, arguing that the definition of the so-called Internet Connection Records (ICRs) — i.e the requirement that ISPs and other communications service providers (CSPs) log a list of websites visited by every user for a full year — has, for example, been tightened up.

But asked by the committee to give her own definition of what an ICR is — “in terms that might be understandable by a layperson” — she offered only “an equivalence” explanation, describing it as: “When you have somebody who is accessing a particular site… or is using the Internet for a particular communication, you wish to be able to identify that. You’re not trying to find out whether they have looked at certain pages of a website, which is where I think the confusion may arise because of what people felt was in the draft Communications Data Bill.

“It is simply about that access to a particular site or the use of the Internet for a communication,” she added.

May rejected the suggestion put to her by the committee that a sunset clause or regular review might be an appropriate way to ensure expansive investigatory powers do not shift, over time, to become disproportionate — arguing specifically that CSPs need the certainty that a non-bookended bill provides if they are to put in place infrastructure to enable the collection of ICRs.

Internet connection records

May fielded a lot of questions about ICRs, including whether they might not result in producing far too much data of limited utility, as well as on the costs of implementing them, the security challenges of storing so much sensitive data, and the technical feasibility of being able to capture the sort of data the agencies are after via this method.

“The confidence we have [on technical feasibility] comes from the discussions that we’ve been having with [communications service providers],” she said. “We have had numerous discussions with them about how access to ICRs may be achieved.

“The discussions we’ve had with them have been about some of these technical issues — about access. And obviously there are different ways in which different providers approach the way they operate but we are confident from those discussions that it will be technically feasible for us to be able to ensure that there is access to the information that’s necessary.”

On the costs point, May said the previously mentioned £247 million figure to reimburse ISPs/CSPs’ costs for retaining and storing ICR data is “indicative” — adding: “We are obviously still in discussion with individual CSPs about the ways in which these capabilities would be provided.”

The committee noted it had previously heard from multiple CSPs expressing doubts that the £247 million figure would cover the costs of implementing ICRs across multiple providers. And the Home Secretary was challenged on whether there would be “sufficient resource” to meet the requirements the bill proposes to place on CSPs.

She agreed to provide the committee with “further indications” of technical feasibility and costs. “We do provide reasonable cost recovery,” she added. “That’s been a long-standing policy of the U.K. government where we are requiring these companies to do things in order to have this sort of access.”

She also agreed to provide the committee with additional operational examples of why ICRs are necessary as an investigatory power.

On the point about the usefulness of ICR data itself, May was asked to respond to other evidence heard by the committee that, for example, smartphones being constantly connected to the Internet will mean that collecting a list of connected services would offer only a very muddy intelligence signal.

Do you see a danger that you’ll just collect a vast amount of data of limited utility in the end, she was asked? May said the government’s aim is to have “a more targeted approach” to handle “this issue of volume of data”, going on to argue that recording individual connections/sessions will not generate an unmanageable volume of data.

“I don’t think there’s going to be that volume of data in the much more targeted approach we will take,” said May, contrasting the IP bill ICR proposals with a prior attempt, in Denmark, to mandate telcos store data on users.

“We will have a more targeted approach. Which I think we believe will reduce that overall volume of data recorded and reduce the risk that connections are missed,” she said, adding: “I’m reliably informed that the Danish implementation was based around sampling every 500th packet, rather than recording individual Internet connections or sessions. Which is what we propose to do.”

On the issue of how the government would enforce requirements set out in the IP bill on overseas communications providers May said it is an issue the Home Office is looking at.

“There are certain aspects of this legislation where we are looking at extraterritoriality. But there are requirements that we will be issuing — obviously there will be data retention notices that will be issued to communications service providers in relation to requirement for them to hold data in a way that enables that to be accessible.”

“We do repeat the position that we put into DRIPA that has always been asserted by all governments in relation to the ability to exercise a warrant against a company that is offering services in the U.K. and abiding by the law of the U.K.,” she added later.

Judicial oversight as privacy safeguard

On the overarching point about the risks to individuals’ privacy by sledgehammer measures that propose to monitor U.K. citizens in bulk, May say the safeguard against this is the double-lock mechanism that involves both judicial and minister review of warrants.

“The double lock authorization is there where there are processes which are intrusive into an individual,” she argued.

On the judicial component of the double-lock May was asked by the committee whether these judicial powers will be just narrow “process checks” or also allow for judges to also assess the necessity and proportionality of warrants. She said there will be scope for judges to scrutinize the merits of a warrant — not just do a process check — but said it will be open to judges to choose which type of approach they take on a case-by-case basis.

“One of the advantages that one has with judicial review principles is that it gives the judicial commissioners a degree of flexibility as to how they approach particular cases, depending on the impact on the individual of what it is is that they’re looking at. And so they will be able to make an assessment and a judgement as to how they wish to approach the evidence that is before them,” she said.

“The Secretary of State looks at necessity and proportionality of the warrantry. So it will be open to the senior high court judge to look at necessity and proportionality but they will be able, under the judicial review provisions, to have the flexibility to determine the way in which they look at that decision.”

“It will be up to the judge… to determine how they approach any particular issue,” she added. “There may well be circumstances in which they might apply a lighter touch approach to reviewing a Secretary of State’s decision. And others in which they will in fact look more at necessity and proportionality.

“The whole point of the double-lock authorization is that both parties have to agree to the warrant being applied. And if the judicial commissioner decides that the warrant should not be applied — having looked at it, and applied the tests that they need to apply — then obviously it can’t be operated.”

Bulk powers

May was also probed on the bulk powers provisions in the bill, and challenged to respond to criticism that security analysts are in fact ‘drowning in too much data’ because of such mass harvesting processes — and that bulk collection is therefore counterproductive when it comes to helping national security.

She stridently rebutted the view that measures in the bill constitute mass surveillance — asserting: “We do not collect all the data, all of the time” — before going on to argue that “bulk collection” is necessary to ensure there is a “haystack” of data available to be filtered for intelligence in the first place.

“There are a variety of ways in which of course the agencies are careful and do look to target how they deal with data. But if the suggestion is that you cannot collect any bulk data whatsoever, or have access to any bulk datasets whatsoever, then you’re going to miss the opportunity,” she said.

“It would be wrong to give the impression that we are collecting all of the data all of the time… But bulk capabilities are important because you do need — if you’re going to be able to investigate a target — you need to be able to acquire the communications in the first place and when the target is overseas bulk interception obviously is one of the key means, and indeed it may be the only means, by which it’s possible to obtain communications.”

“It isn’t the case that it is always used in an untargeted way,” she added. “Of course when we look, when particular incidents have taken place, we look at the systems that are in place to ensure that we can make the way we operate as effective as possible. Because there’s a very fundamental reason to be able to have access to this information, to be able to deal with this information; it is about keeping people safe and secure.”

May was also pressed on when operational cases will be published for the various bulk powers set out in the bill — such as bulk equipment interference powers (aka mass hacking capabilities) — with the committee noting prior warnings by QC David Anderson, who conducted the government’s independent review of terrorism legislation last summer, that there’s a risk of the legislation being unpicked at the European level without robust justification being made for such capabilities.

On this point the Home Secretary agreed to write to the committee with further explanation of why the bulk powers are necessary.

She was also probed on whether the bill afforded agencies with the ability to apply for so-called thematic warrants — potentially covering “a very large number of people and therefore cannot be classed as targeted”. “The answer is no,” she said. “It will not be possible to use a thematic warrant against a very large group of people.”

“The purpose of the thematic warrant is for example circumstances in which perhaps there’s a kidnap, there’s perhaps a threat to life, and there’s only certain information available and it’s necessary because of the pace at which something is developing to be able to identify the group of people who are involved with that particular criminal activity as being within the thematic warrant,” she added.

Overseas data-sharing

May was also asked about concerns that security agencies might workaround the legal framework set out in the IP bill by obtaining information from other countries, or vice versa, with one committee member noting “there isn’t very much in the bill about these issues” — and suggesting it could prove a sizable loophole for what is supposed to be a transparent legal framework for the operation of secretive state surveillance powers.

“We do look at the handling arrangements that are in place when we are sharing material with overseas partners. It’s clause 41 of the draft bill that sets out that before intercept material is shared with an overseas authority the issuing authority sharing the material must be satisfied that they’ve got appropriate handling arrangements in place to protect the material. Equivalent to those that apply under clause 40,” said May.

“There will be codes of practice [in the case of U.K. agencies receiving data shared by overseas countries],” she added. “We’ve been very clear that in terms of ensuring that where information is obtained it is done so against an appropriate legal framework. And that there are provisions in place that ensure that the agencies operate and only obtain information where it is lawful for them to do so.”

The questioner followed up by asking where do we find that legal framework — wondering whether it is down to a series of international treaties, some of which may not be in the public domain? May did not give a clear answer on this, saying only: “There are various aspects to the legal framework against which the agencies operate,” before suggesting she could again write to the committee to provide more information on this point.

The evidence session was the last one the committee will hear. It will now begin compiling its recommendations — with a report due to be published by mid February.


Bron: techcrunch.com

twitter:

Snowden twitterde op dinsdag 19-01-2016 om 12:34:46 Huge: Appeals Court rejects UK's effort to criminalize an act of journalism as "terrorism." https://t.co/E1kJh8n9Gu https://t.co/RE1OBIGPey reageer retweet

quote:

The Guardian view on the David Miranda verdict: a counterpunch for freedom | Editorial | Opinion | The Guardian

The court of appeal’s ruling in the case of David Miranda’s 2013 detention at Heathrow is indisputably an advance for press freedom. It establishes with very great care, balancing the needs of security and the rights of journalists, that existing police anti-terror powers to stop and question travellers in and out of this country are incompatible with freedom of expression protections under the European convention on human rights.

That judgment should be strongly welcomed by all news organisations and journalists, since the media’s ability to protect confidential sources was otherwise wide open to real abuse, as the Miranda case proved. The government, which has behaved as though no such need for balance exists, is now under an obligation to respond with changes to the law. It should make clear in parliament that it will do this soon.

The ruling does not protect Mr Miranda, who was stopped when carrying material from the Edward Snowden revelations. But it re-establishes the principle, which the Guardian always pressed in the Snowden case, that Mr Miranda should have had the protection of a public interest defence against his detention. The stop powers in schedule 7 of the Terrorism Act 2000 are very sweeping. In some years, as many as 85,000 people have been stopped, overwhelmingly Muslims. Tuesday’s victory is important for journalism, but the stop powers need to be well scrutinised in other respects too.

Bron: www.theguardian.com

quote:

Journalism is not terrorism. Criticism of the government is not violence

quote:

As Greenwald has already said, the court ruling is “an enormous victory, first and foremost for press freedoms, because what the court ruled is that the UK parliament can’t purport to allow its police to seize whatever they want to take from journalists by pretending it’s a terrorism investigation”.

David Miranda ruling throws new light on schedule 7 powers

He’s exactly right: journalists, or anyone working on behalf of newspapers for that matter, should not be worried about being detained, interrogated and having their source material confiscated for doing their job in a democracy.

But even more disturbing than the UK government’s willingness to detain a journalist in violation of his human rights is what they attempted to claim after Miranda’s detention to justify their actions. In arguing that they had every right to detain Miranda under the Terrorism Act in 2013, the government put forth a the radical and expansive definition of terrorism. Here is the government’s exact words from a court filing they made in November 2013:

. Additionally the disclosure [of NSA/GCHQ documents], or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism...

Think about the implications of that for a minute: terrorism was defined as publishing information designed to influence the government. That definition includes no mention of violence or even a threat of violence, which David Miranda never came anywhere near doing.

In other words, any opinion or action the government does not like could potentially have been decreed as “terrorism” under their warped definition.

quote:

For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher • The Register

The UK government's official voice encryption protocol, around which it is hoping to build an ecosystem of products, has a massive backdoor that would enable the security services to intercept and listen to all past and present calls, a researcher has discovered.

Dr Steven Murdoch of University College London has posted an extensive blog post digging into the MIKEY-SAKKE spec in which he concludes that it has been specifically designed to "allow undetectable and unauditable mass surveillance."

He notes that in the "vast majority of cases" the protocol would be "actively harmful for security."

Murdoch uses the EFF's scorecard as a way of measuring the security of MIKEY-SAKKE, and concludes that it only manages to meet one of the four key elements for protocol design, namely that it provides end-to-end encryption.

However, due to the way that the system creates and shares encryption keys, the design would enable a telecom provider to insert themselves as a man-in-the-middle without users at either end being aware. The system would also allow a third party to unencrypt past and future conversations. And it does not allow for people to be anonymous or to verify the identity of the person they are talking to.

In other words, it would be the perfect model for the security services, who can apply pressure to a telecom company and then carry out complete surveillance on an unidentified individual.

While it is surprising that the official UK government system would have such a significant backdoor, it is perhaps less surprising when you consider who developed the spec: the information security arm of the UK listening post GCHQ, the Communications-Electronics Security Group (CESG).

The CESG – and the UK's civil service – started pushing the approach late last year and has incorporated it into a product spec called Secure Chorus. It has also set itself up as an evaluator of other products and is trying to market its approach commercially by pushing it as "government-grade security." One example of a product already going through this evaluation is Cryptify Call, available for iOS and Android.

Guess which one was developed by the UK security services

There is increasing demand for voicecall encryption. Unlike instant messaging, which effectively allowed companies to start from scratch and so has resulted in a number of highly secure products, phonecalls run over older infrastructure and almost always pass through telecom companies, usually in an unencrypted form (although the information may be encrypted while in transit).

MIKEY-SAKKE is unusual in that unlike most secure messaging and phone systems, it makes no effort at all to protect the identity of the people communicating with one another, providing easy-to-access maps of metadata.

That metadata can be used to specifically identify individuals and then, using the backdoor, access all their calls past and present. In other words, it is the perfect spying system.

Murdoch highlights in his post a number of occasions in which the UK security services have successfully compromised mobile phone networks – instances that were revealed by Edward Snowden – and notes that this is likely only the tip of the iceberg.

He also notes that GCHQ tried 20 years ago to introduce a similar protocol but that a "notable difference" exists between that effort and this MIKEY-SAKKE approach: "While the GCHQ protocol was explicitly stated to support key escrow to facilitate law enforcement and intelligence agency access, this controversial aspect has not been included in the description of MIKEY-SAKKE and instead the efficiency over EDH is emphasised."

Or in other words, the UK government doesn't want you to know that it can spy on everything you say.

Murdoch notes that things don't have to be this way – there are other products and protocols that provide a much higher level of security. Some, for example, protect past messages from being unencrypted, so even if someone does gain access to your encryption keys, they are limited to current calls. Others make it much harder for telcos to access unencrypted data as it flows through their system.

The hardest aspect, however, is ensuring that when initial contact is made with someone in order to exchange key encryption information, there isn't a person in the middle. One system to do this is to have people physically read out two words that appear on a device and have the other person hear and verify them before starting an encrypted conversation. However, Murdoch notes that even this approach is not foolproof; an attacker could simply impersonate the other caller.

In short then, unless you want to give telcos and government agencies unrestricted access to your phonecalls, it's best not to buy into the MIKEY-SAKKE

Bron: www.theregister.co.uk

quote:

Edward Snowden Questions PGP Encryption Code Shown In Latest ISIS Propaganda Video

The IBT Pulse Newsletter keeps you connected to the biggest stories unfolding in the global economy.

Maybe ISIS isn’t so good at encryption after all. Edward Snowden says that code the Islamic State terrorist group disseminated in a video to show it used an encryption app to carry out the horrific Paris terrorist attacks is little more than a publicity stunt.

Snowden, the former U.S. National Security Agency contractor who revealed classified surveillance programs to the press in 2013, tweeted screenshots of the ISIS propaganda video Sunday evening, hours after the extremist group released it. The video includes beheadings and footage of the ISIS gunmen who killed more than 100 people in Paris in November. But Snowden, an outspoken encryption advocate, said the code has too few letters to be a true example of PGP encryption, which ISIS claims to use.

He said the encryption key identification code, 1548OH76, would be rendered invalid by the H and O characters. Snowden also pointed to the timestamp, which showed the messages were decrypted three days after the attack (that could also mean the message is valid, albeit opened after the attack).



PGP (an acronym for Pretty Good Privacy) encryption is a popular method of encoding messages, and is often used to authenticate private texts, email messages and other communication. Snowden famously used PGP to contact journalists Glenn Greenwald, Laura Poitras and others in order to set up a meeting, where he passed them classified NSA documents.

The ISIS video, and Snowden’s reaction to it, come at a time when lawmakers throughout the U.S. and U.K. are pushing for legislation that would prohibit, or limit, encrypted messaging services.

Bron: www.ibtimes.com

quote:

Upon Petraeus’ Request, Prosecutors Removed Embarrassing Reference To Kiriakou Case From Plea Deal

quote:

When former CIA director David Petraeus requested prosecutors remove reference to a leak case against former CIA officer John Kiriakou from his plea deal, prosecutors astoundingly followed his wishes.

“Oaths do matter, and there are indeed consequences for those who believe they are above the laws that protect our fellow officers and enable American intelligence agencies to operate with the requisite degree of secrecy,” Petraeus declared in a statement to the CIA workforce after Kiriakou pled guilty to violating the Intelligence Identities Protection Act (IIPA) in 2013.

This statement shows Petraeus understood the law when he improperly handled and disclosed classified information, including “Black Books” containing the identities of covert officers, war strategy, intelligence capabilities and notes from his discussions with President Barack Obama. He still provided his biographer, Paula Broadwell, access to these books after she asked to use them as source material.

But, according to the Washington Post, in February 2015, Petraeus’ lawyers requested the statement Petraeus made about Kiriakou’s case not appear in the statement of facts in the plea deal.

“In the statement of facts that would accompany the plea agreement, prosecutors also said they would want to reference a Petraeus message sent to the CIA workforce in 2012 after John Kiriakou, a former agency officer, was convicted of leaking classified information,” the Post reported. A person involved with discussions about the plea deal told the Post the Kiriakou reference was “off the table.”

The issue over the embarrassing Kiriakou reference came up during a meeting with James Melendres, a prosecutor with the Justice Department’s National Security Division. He proposed a deal. Petraeus would plead guilty to lying to FBI agents and mishandling classified information. Petraeus’ lawyer objected to the lying charge and that became a “non-starter.”

The plea deal Petraeus agreed to in March 2015 involved only one charge—the unauthorized removal and retention of classified material. He received a sentence of probation for two years and a $40,000 fine.

“It’s weird on many levels that [prosecutors are] realizing the hypocrisy by admitting they’re going to keep something out of a statement of facts wherein Petraeus acknowledges he realizes leaking classified information is a crime,” Jesselyn Radack, a national security & human rights lawyer for Expose Facts who has represented numerous whistleblower clients, including Kiriakou. “It’s pretty striking that they would deliberately omit that because it makes Petraeus look bad and looks embarrassing.”

The Post report also shows how willing prosecutors were to acquiesce to the demands of Petraeus to remain out of prison and not be charged with any felony that would result in the loss of a pension.

quote:

EFF wants the NSA to destroy 14 years worth' of phone records

When the USA Freedom Act passed last June, it put an end to the country’s National Security Agency’s (NSA) mass surveillance program in which it collected millions of phone records of citizens’ calls over 14 years.

But the Electronic Frontier Foundation (EFF) believes that isn’t enough to protect people’s privacy, because those records still exist in various NSA databases. The non-profit is calling on a secret court to consider ways to delete this trove of data without destroying evidence that proves the NSA snooped on citizens.

EFF says that, “Even after the President, other members of the executive branch, Congress, the press, and the public fully and freely discussed the fact that the government was gathering the records of millions of Americans,” the government claims that no one other than a clutch of Verizon Business customers have sufficient proof to show that their phone records were actually collected.

As such, the government says that it can’t be sued by bodies like the EFF. The organization is currently involved in two pending cases seeking a remedy for the past 14 years of illegal phone record collection.

EFF wrote a letter (PDF) to the secret Foreign Intelligence Surveillance Act (FISA) court last December which it has now made public, explaining that it is ready to discuss options that will allow destruction of the records in ways that still preserve its ability to prosecute the cases.

It’ll be interesting to see how this pans out: if the government doesn’t agree to a discussion about how to handle these phone records, it’s possible that they will remain on file for years to come. Plus, it could allow the NSA to avoid being held accountable for its illegal mass surveillance.

At a time when people across the world are fighting to secure their rights to privacy in the future, it’s also important to ensure that our past is confidential too.

Bron: thenextweb.com

quote:

Canada's electronic spy agency stops sharing some metadata with partners - Politics - CBC News

The Communications Security Establishment, Canada's electronic spy agency, has stopped sharing certain metadata with international partners after discovering it had not been sufficiently protecting that information before passing it on.

Defence Minister Harjit Sajjan says the sharing won't resume until he is satisfied that the proper protections are in place. Metadata is information that describes other data, such as an email address or telephone number, but not the content of a given email or recording of a phone call.

The issue is disclosed in the annual report of CSE commissioner Jean Pierre Plouffe, which was tabled in the House of Commons Thursday morning.

"While I was conducting this current comprehensive review, CSE discovered on its own that certain metadata was not being minimized properly," Plouffe explained in the report.

"Minimization is the process by which Canadian identity information contained in metadata is rendered unidentifiable prior to being shared …."

"The fact that CSE did not properly minimize Canadian identity information contained in certain metadata prior to being shared was contrary to the ministerial directive, and to CSE's operational policy."

Canada's Five Eyes partners, with which data is sometimes shared, are the United States, Australia, New Zealand and the United Kingdom.

The report also noted that "the metadata ministerial directive lacks clarity regarding the sharing of certain types of metadata with Five Eyes partners, as well as other aspects of CSE's metadata activities."

Plouffe goes on to say that the ministerial directive is unclear about key aspects of how CSE collects,uses and discloses metadata, and does not provide clear guidance for how CSE's metadata activities are undertaken, recommending the agency ask for a new directive to provide better guidance.

In a statement, Sajjan says the "metadata in question … did not contain names or enough information on its own to identify individuals" and that "taken together with CSE's suite of privacy protection measures, the privacy impact was low."

He added: "I am reassured that the commissioner's findings confirm the metadata errors that CSE identified were unintentional, and am satisfied with CSE's proactive measures, including suspending the sharing of this information with its partners and informing the Minister of Defence."

Sajjan said CSE won't resume sharing this information with Canada's partners until he is fully satisfied the effective systems and measures are in place."

Speaking to reporters on Parliament Hill, Sajjan did not specify what sort of metadata had been shared and said officials could not review the data to determine how many people might have been impacted without violating privacy laws.

Appearing alongside Sajjan, Public Safety Minister Ralph Goodale noted that the federal government is in the process of reviewing its security intelligence operations and is committed to introducing new parliamentary oversight of intelligence agencies.

Bron: www.cbc.ca

quote:

GCHQ whistleblower movie Official Secrets recruits Harrison Ford and Anthony Hopkins | Film | The Guardian


How the Observer broke the story of NSA ‘dirty tricks’ at the UN in the runup to the Iraq war in 2003 will star Natalie Dormer as news source Katharine Gun

Harrison Ford and Anthony Hopkins have joined the cast of Official Secrets, the long-mooted film about the Observer’s reporting of the GCHQ bugging scandal in 2003, it has been announced.

In the latest film to cover the activities of whistleblowers and the journalists who report their revelations, Official Secrets will tell the story of Katharine Gun, an officer at the Cheltenham-based government eavesdropping agency. She leaked an email that contained a request by America’s NSA to illegally bug the United Nations offices of six key countries in the run-up to the UN’s vote on whether to authorise the Iraq war.

Gun’s revelations were reported in the Observer (the Guardian’s sister Sunday newspaper) by journalists Martin Bright and Ed Vulliamy, and Gun was arrested and charged with breaking the Official Secrets Act. However, her case was dropped in 2004 after no evidence was offered by the prosecution.

According to the Hollywood Reporter, Hopkins will play a retired general and Ford a veteran CIA agent. The have been cast alongside The Hunger Games’s Natalie Dormer, who will play Gun, and Paul Bettany as Bright. Martin Freeman plays the Observer’s foreign affairs editor – whose character name, Peter Edwards, appears to be a composite of Vulliamy and real-life editor Peter Beaumont, who is now the Guardian’s Jerusalem correspondent.

Official Secrets will be directed by Mandela: Long Walk to Freedom’s Justin Chadwick, and shooting is due to start in May.

Bron: www.theguardian.com

quote:

CIA planned rendition operation to kidnap Edward Snowden

The US Central Intelligence Agency (CIA) prepared to kidnap Edward Snowden, the whistleblower who exposed illegal and unconstitutional mass spying by the National Security Agency (NSA), documents obtained by the Danish media outlet Denfri show.

US intelligence maintained an aircraft and paramilitary team on standby in Copenhagen, awaiting orders to seize Snowden in the event that he crossed into a number of European countries, the documents show. They were obtained by Denfri through a Freedom of Information Act suit in August 2015.

The existence of the CIA plane was first reported in 2014 by The Register, which identified the aircraft as a Gulfstream V, registered under the number N977GA. The plane had previously been used to transport CIA captives to the agency’s “black site” torture centers across Europe, which were built up as part of an expanding global network of secret CIA prisons since 9/11.

The latest documents appear to have decisively corroborated this account, showing that Danish police and government officers approved the positioning of the CIA plane in Copenhagen for unspecified “state purposes.” In one of the leaked government letters, US Federal Bureau of Investigation representatives also sought cooperation from the Norwegian government, demanding that they immediately notify US agencies in the event that Snowden travelled to Norway, Finland, Sweden or Denmark.

The Danish decision to host the plane was part of broader cooperation by Copenhagen with Washington’s extra-legal kidnapping and rendition network. The Danish state has sought to preserve total secrecy in relation to the stationing of the CIA plane on its soil.

“Denmark’s relationship with the USA would be damaged if the information [content redacted from the documents] becomes public knowledge,” Denmark’s interior ministry told Denfri.

The confirmation that Washington planned for a direct raid to seize Snowden and forcibly return him to US custody does not come as a surprise.

Snowden has become a public enemy of the first order in the eyes of the US ruling class since he began releasing troves of data on spy programs run by the NSA and other US government agencies in the summer of 2013. According to May 2014 comments from then-NSA Director Keith Alexander, Snowden downloaded more than 1 million secret US government documents.

For the “crime” of exposing the vast and criminal surveillance enterprises run the by US government, Snowden has been subjected to innumerable death threats and slanders by the American media and political establishment.

Snowden embodies a new generation of educated and technologically-trained workers and youth who are increasingly hostile to the existing social order. That is why he has been hounded and turned away by governments around the world, and now lives in de facto exile in Moscow, where he received a temporary visa only after being forced to live for weeks in Moscow’s international air terminal, after the US cancellation of his passport frustrated his effort to travel to Ecuador, where he was seeking asylum.

There is now firm evidence that the US ruling elite sought to make good on its threats against Snowden, in the form of a snatch-and-grab operation, likely aimed at transferring the whistleblower to a covert torture base somewhere in Europe.

Bron: www.wsws.org

quote:

Investigatory powers bill: snooper's charter lacks clarity, MPs warn | Law | The Guardian

Highly critical report says proposed legislation must be reviewed to ensure obligations on tech industry are clear

The government’s investigatory powers bill lacks clarity and is sowing confusion among tech firms about the extent to which “internet connection records” will be collected, a parliamentary select committee has warned.

The highly critical report by the House of Commons science and technology committee says there are widespread doubts about key definitions in the legislation, “not to mention the definability, of a number of the terms”.

The admission that many MPs and technology experts are baffled will reinforce political concerns that such a complex bill is being pushed through parliament at speed. Other select committees are meanwhile preparing assessments of different aspects of the bill.

Related: Investigatory powers bill: the key points

Launching the report, the Conservative MP Nicola Blackwood, who is chair of the committee, said: “It is vital we get the balance right between protecting our security and the health of our economy. We need our security services to be able to do their job and prevent terrorism, but as legislators we need to be careful not to inadvertently disadvantage the UK’s rapidly growing tech sector.

“The current lack of clarity within the draft investigatory powers bill is causing concern amongst businesses... The government must urgently review the legislation so that the obligations on the industry are clear and proportionate.

“There remain questions about the feasibility of collecting and storing internet connection records (ICRs), including concerns about ensuring security for the records from hackers. The bill was intended to provide clarity to the industry, but the current draft contains very broad and ambiguous definitions of ICRs, which are confusing communications providers. This must be put right for the bill to achieve its stated security goals.”

The collection of ICRs is to allow law enforcement agencies to identify the communications service to which a device has connected. The report calls on the government to ensure that obligations it is imposing on industry are both clear and proportionate.

The committee accepts the principle that intelligence and security agencies should “in tightly prescribed circumstances be able to seek to obtain unencrypted data from communications service providers”.

The report says: “However, there is confusion about how the draft bill would affect end-to-end encrypted communications, where decryption might not be possible by a communications provider that had not added the original encryption.

“The government should clarify and state clearly in the codes of practice (which will be published alongside the bill itself) that it will not be seeking unencrypted content in such cases, in line with the way existing legislation is currently applied.”

Commenting on encryption, Blackwood said: “Encryption is important in providing the secure services on the internet we all rely on, from credit card transactions and commerce to legal or medical communications.

“It is essential that the integrity and security of legitimate online transactions is maintained if we are to trust in, and benefit from, the opportunities of an increasingly digital economy. The government needs to do more to allay unfounded concerns that encryption will no longer be possible.”

Related: Privacy watchdog attacks snooper's charter over encryption

The MPs said the evidence they received suggested there were still many unanswered questions about how this legislation would work “in the fast moving world” of technological innovation. “There are good grounds to believe that without further refinement, there could be many unintended consequences for commerce arising from the current lack of clarity of the terms and scope of the legislation,” they added.

Antony Walker, deputy CEO of techUK, which represents the technology industry, said: “There are several important recommendations in this report that we urge the Home Office to take on board. In particular we need more clarity on fundamental issues, such as core definitions, encryption and equipment interference.

“These are all issues that we highlighted to the committee and can be addressed both in the bill and in the codes of practice which we believe must be published alongside the bill, and regularly updated, as recommended by the committee. Without that additional detail, too much of the bill will be open to interpretation, which undermines trust in both the legislation and the reputation of companies that have to comply with it.

“The draft bill presents an opportunity for the UK government to develop a world-leading legal framework that balances the security needs with democratic values and protects the health of our growing digital economy. But we have to get the details right.”

Bron: www.theguardian.com

quote:

The British want to come to America — with wiretap orders and search warrants

quote:

If U.S. and British negotiators have their way, MI5, the British domestic security service, could one day go directly to American companies such as Facebook or Google with a wiretap order for the online chats of British suspects in a counter­terrorism investigation.

The transatlantic allies have quietly begun negotiations this month on an agreement that would enable the British government to serve wiretap orders directly on U.S. communication firms for live intercepts in criminal and national security investigations involving its own citizens. Britain would also be able to serve orders to obtain stored data, such as emails.

The previously undisclosed talks are driven by what the two sides and tech firms say is an untenable situation in which foreign governments such as Britain cannot quickly obtain data for domestic probes because it happens to be held by companies in the United States. The issue highlights how digital data increasingly ignores national borders, creating vexing challenges for national security and public safety, and new concerns about privacy.

quote:

Draft snooper's charter 'fails on spying powers and privacy protections'

quote:

Theresa May’s draft “snooper’s charter” bill fails to cover all the intrusive spying powers of the security agencies and lacks clarity in its privacy protections, a parliamentary committee has said.

The intelligence and security committee said the draft legislation published by the home secretary suffered from a lack of sufficient time and preparation. It was evident that even those working on the legislation had not always been clear about what it was intended to achieve, it said.

The unexpectedly critical intervention by the ISC, which is nominated by the prime minister and chaired by the former Conservative attorney general, Dominic Grieve, comes just two days before a key scrutiny committee of MPs and peers is to deliver its verdict on the draft legislation aimed at regulating the surveillance powers of the security agencies.

quote:

Here you can read about:
- Signals Intelligence (SIGINT),
- Communications Security (COMSEC),
- Information Classification,
and also about the equipment, from past and present, which make that civilian and military leaders can communicate in order to fulfill their duties.

The main focus will be on the United States and its National Security Agency (NSA), but attention will also be paid to other countries and subjects.

quote:

How NSA contact chaining combines domestic and foreign phone records

quote:

In the previous posting we saw that the domestic telephone records, which NSA collected under authority of Section 215 of the USA PATRIOT Act (internally referred to as BR-FISA), were stored in the centralized contact chaining system MAINWAY, which also contains all kinds of metadata collected overseas.

Here we will take a step-by-step look at what NSA analysts do with these data in order to find yet unknown conspirators of foreign terrorist organisations.

It becomes clear that the initial contact chaining is followed by various analysis methods, and that the domestic metadata are largely integrated with the foreign ones, something NSA never talked about and which only very few observers noticed.

_{What is described here is the situation until the end of 2015. The current practice under the USA FREEDOM Act differs in various ways. The information in this article is almost completely derived from documents declassified by the US government, but these have various parts redacted.}

quote:

Apple weigert FBI te helpen om iPhone terrorist te kraken - rtlz.nl

Een rechter bepaalde gisteren dat Apple de FBI speciale software moet leveren die een bepaalde veiligheidsencryptie kan kraken. Maar Apple weigert dat.

Het technologiebedrijf zegt dat het een 'gevaarlijke achterdeur' in zijn systeem moet bouwen. "De overheid heeft ons gevraagd om iets dat we niet hebben en iets dat we te gevaarlijk vinden om te creëren.''

Misbruik door criminelen
Als rechercheurs de beveiliging van een telefoon kunnen kraken, kunnen criminelen zo'n gat in de beveiliging ook misbruiken, zegt Apple.

"Als de techniek eenmaal is gemaakt, kan het telkens weer worden gebruikt, op alle apparaten. Het zou hetzelfde zijn als een moedersleutel die honderden miljoenen sloten kan openen, van restaurants en banken tot winkels en huizen. Geen redelijk persoon zou dat acceptabel vinden."

Alle gegevens gewist
Om meer te weten te komen over de schutter, Syed Farook, willen rechercheurs van de FBI zijn telefoon uitpluizen. Maar dat kan niet, omdat ze nog niet door de beveiliging heen zijn. Als ze het te vaak proberen, zorgt ingebouwde software ervoor dat alle gegevens worden gewist.

Syed Farook en zijn vrouw Tashfeen Malik schoten op 2 december vorig jaar in het Californische San Bernardino 14 mensen dood. De twee terroristen werd later doodgeschoten door de politie.

Bron: www.rtlz.nl

quote:

Snowden komt terug naar de VS als hij een eerlijk proces krijgt - rtlz.nl

De voormalige medewerker van de Amerikaanse geheime dienst lijkt langzaam genoeg te hebben van zijn verblijf in Rusland. Hij woont daar sinds hij in 2013 de VS ontvluchtte, nadat hij details had gelekt van een grootschalig spionageprogramma van de Amerikaanse overheid. In de VS hangt hem daarvoor een gevangenisstraf van 30 jaar boven het hoofd.

Via Skype vertelde Snowden gisteren aan aanhangers in de Amerikaanse staat New Hampshire dat hij bereid is om uitgeleverd te worden, meldt persbureau AP.

Openbaar verdedigen
"Ik heb de overheid verteld dat ik terug zou komen als ze een eerlijk proces zouden garanderen", zei hij volgens het persbureau. Snowden wil tijdens de rechtszaak de mogelijkheid krijgen om zichzelf in het openbaar te verdedigen en uit te leggen waarom hij de geheimen lekte. Hij wil graag dat zijn daden beoordeeld worden door een jury.

Snowden heeft eerder al eens gezegd dat hij zijn terugkeer naar de VS wil bespreken met de overheid. Hij zou bijvoorbeeld schuld willen bekennen in ruil voor een strafvermindering en heeft ook gezegd dat hij bereid was de cel in te gaan.

Wachten op de overheid
Eric Holder, tot eind vorig jaar minister van Justitie in de VS, zei eerder dat een deal met Snowden een mogelijkheid was. Maar Snowden zei in oktober dat hij nog steeds wachtte op een reactie van de overheid.

Snowdens onthullingen over de Amerikaanse en Britse geheime diensten hebben geleid tot een internationale discussie over het monitoren van persoonlijke communicatie en de balans tussen veiligheid en privacy.

Zijn acties maken hem volgens sommigen een held. Critici noemen hem een verrader en stellen dat zijn onthullingen de strijd tegen terrorisme in gevaar hebben gebracht.

Bron: www.rtlz.nl

quote:

We cannot trust our government, so we must trust the technology | US news | The Guardian

Apple’s battle with the FBI is not about privacy v security, but a conflict created by the US failure to legitimately oversee its security service post Snowden


The showdown between Apple and the FBI is not, as many now claim, a conflict between privacy and security. It is a conflict about legitimacy.

America’s national security agencies insist on wielding unaccountable power coupled with “trust us, we’re the good guys”, but the majority of users have no such trust. Terrorism is real, and surveillance can sometimes help prevent it, but the only path to sustainable accommodation between technologies of secrecy and adequately informed policing is through a root-and-branch reform of the checks and balances in the national security system.

The most important principle that the Obama administration and Congress need to heed in this conflict is: “Physician, heal thyself.”

The FBI, to recap, is demanding that Apple develop software that would allow it to access the secure data on the work phone of one of the two perpetrators of the San Bernardino attack.

Apple has refused to do so, arguing that in order to build the ability to access this phone, it would effectively be creating a backdoor into all phones.

The debate is being publicly framed on both sides as a deep conflict between security and freedom; between the civil rights of users to maintain their privacy, and the legitimate needs of law enforcement and national security. Yet this is the wrong way to think about it.

The fundamental problem is the breakdown of trust in institutions and organizations. In particular, the loss of confidence in oversight of the American national security establishment.

It is important to remember that Apple’s initial decision to redesign its products so that even Apple cannot get at a user’s data was in direct response to the Snowden revelations. We learned from Snowden that the US national security system spent the years after 9/11 eviscerating the system of delegated oversight that had governed national security surveillance after Watergate and other whistleblower revelations exposed pervasive intelligence abuses in the 1960s and 70s.

Apple’s design of an operating system impervious even to its own efforts to crack it was a response to a global loss of trust in the institutions of surveillance oversight. It embodied an ethic that said: “You don’t have to trust us; you don’t have to trust the democratic oversight processes of our government. You simply have to have confidence in our math.”

This approach builds security in a fundamentally untrustworthy world.

Related: Apple v FBI: engineers would be ashamed to break their own encryption

Many people I know and admire are troubled by the present impasse. After all, what if you really do need information from a terrorist about to act, or a kidnapper holding a child hostage? These are real and legitimate concerns, but we will not solve them by looking in the wrong places. The FBI’s reliance on the All Writs Act from 1789 says: “I am the government and you MUST do as you are told!” How legitimate or illegitimate what the government does is irrelevant, so this logic goes, to the citizen’s duty to obey a legally issued order.

The problem with the FBI’s approach is that it betrays exactly the mentality that got us into the mess we are in. Without commitment by the federal government to be transparent and accountable under institutions that function effectively, users will escape to technology. If Apple is forced to cave, users will go elsewhere. American firms do not have a monopoly on math.

In the tumultuous days after the Snowden revelations there were various committees and taskforces created to propose reforms. Even a review group made of top former White House and national security insiders proposed extensive structural reforms to how surveillance operated and how it was overseen. Neither the administration nor Congress meaningfully implemented any of these reforms.

Apple’s technology is a response to users’ thirst for technology that can secure their privacy and autonomy in a world where they cannot trust any institutions, whether government or market.

It is therefore the vital national security interest of the US that we build an institutional system of robust accountability and oversight for surveillance and investigation powers. We need meaningful restrictions on collection and use of data; we need genuinely independent review, with complete access to necessary information and a technically proficient capacity to exercise review.

Perhaps most importantly, we need to end the culture of impunity that protects people who run illegal programs and continue to thrive in their careers after they are exposed, but vindictively pursues the whistleblowers who expose that illegality.

Only such a system, that offers transparently meaningful oversight and real consequences for those who violate our trust, has any chance of being trustworthy enough to remove the persistent global demand for platforms that preserve user privacy and security even at the expense of weakening the capabilities of their policing and national security agencies.

Apple’s case is not about freedom versus security; it is about trustworthy institutions or trust-independent technology. We cannot solve it by steamrolling the technology in service of untrusted institutions.

Bron: www.theguardian.com

quote:

WikiLeaks: NSA luisterde telefoontjes tussen Merkel en Ban Ki-moon af

quote:

De Amerikaanse inlichtingendienst NSA heeft in 2008 naar verluidt telefoongesprekken tussen de Duitse bondskanselier Angela Merkel en secretaris-generaal van de Verenigde Naties Ban Ki-moon afgeluisterd. Dit blijkt uit de meest recente onthullingen op de klokkenluiderwebsite WikiLeaks.

quote:

Italy summons American ambassador to ​clarify reports NSA spied on Berlusconi | World news | The Guardian

John Phillips summoned to Rome following accusations that the US National Security Agency spied on the former prime minister and his close associates

The Italian government has summoned the American ambassador to Rome following accusations that the US National Security Agency spied on former prime minister Silvio Berlusconi and some of his close associates in 2011, at the height of the eurozone crisis.

The Italian foreign ministry said in a statement that it has summoned the US ambassador, John Phillips, for “clarification” about the reports, but declined to elaborate on who Phillips met and whether the accusations of wiretapping were addressed.

A report in L’Espresso, the Italian news magazine, said that WikiLeaks documents had revealed that the NSA – the US government agency whose mass surveillance programme in the US was revealed by Edward Snowden – had spied on Berlusconi and some of his associates as the Italian economy was heading into freefall, and as the former conservative premier was facing allegations about his “Bunga Bunga” sex parties.

Citing WikiLeaks documents, the report states that Berlusconi, as well as his “trusted personal adviser” Valentino Valentini, national security adviser Bruno Archi, Marco Carnelos, a diplomatic adviser, and the permanent representative of Italy to Nato, Stefano Stefanini, were all targeted.

The US was allegedly concerned with Berlusconi’s relationship with the Russian president, Vladimir Putin. Earlier WikiLeaks cables dating back to 2009 portrayed Valentini as a shadowy figure who looked after Berlusconi’s interests in Russia and quoted US contacts within Berlusconi’s party and the Democratic party – which is currently in power – as believing that Berlusconi was profiting personally from energy deals between Italy and Russia

The report suggested that the new revelations “reopen the case” about why Berlusconi ultimately stepped down, but it did not make any direct allegations in connection to the WikiLeaks documents. Berlusconi’s resignation led to the ascent of Mario Monti’s government, who was followed by prime minister Enrico Letta, and, finally, the current premier, Matteo Renzi.

The report said that the NSA also intercepted a phone conversation between Berlusconi and the Israeli leader, Binyamin Netanyahu, in March 2010, in a period of crisis between Israel and the US, after Netanyahu announced Israel planned to build 1,600 homes in East Jerusalem. In the conversation, Netanyahu allegedly said tensions between Israel and the US could only be heightened by the absence of direct contacts with Barack Obama, the US president. In response, Berlusconi promised to help mend ties with Washington.

The US embassy did not respond to a request for comment. The news comes one day after a report in the Wall Street Journal revealed that Italy has agreed to allow the US to use the American and Nato naval air base in Sicily to launch armed drones in defensive attacks against Isis in northern Africa. The breakthrough came after a year of negotiations between the countries, with Italy reportedly blocking a request by the US to use the Sicilian base to launch potential offensive attacks.

The decision to summon the ambassador was not entirely unprecedented. When the German chancellor, Angela Merkel, learned that the NSA had spied on her, she rang up Obama directly and the issue strained the relationship between Germany and the US.

Ambassador Phillips was confirmed by the Senate in August 2013. On the US embassy website, it says the former Washington attorney played a “significant role” in the creation of a whistleblower reward programme designed to encourage private citizens to expose and detect defence contractor fraud. He is married to Linda Douglass, who served as communications director for the White House effort to pass healthcare reform.

Bron: www.theguardian.com

quote:

Obama Administration Set to Expand Sharing of Data That N.S.A. Intercepts

WASHINGTON — The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other American intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations.

The change would relax longstanding restrictions on access to the contents of the phone calls and email the security agency vacuums up around the world, including bulk collection of satellite transmissions, communications between foreigners as they cross network switches in the United States, and messages acquired overseas or provided by allies.
Continue reading the main story
Related Coverage

N.S.A. Gets Less Web Data Than Believed, Report SuggestsFEB. 16, 2016
Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. BorderJUNE 4, 2015
After Paris Attacks, C.I.A. Director Rekindles Debate Over SurveillanceNOV. 16, 2015
File Says N.S.A. Found Way to Replace Email ProgramNOV. 19, 2015
Judge Deals a Blow to N.S.A. Data Collection ProgramNOV. 9, 2015

The idea is to let more experts across American intelligence gain direct access to unprocessed information, increasing the chances that they will recognize any possible nuggets of value. That also means more officials will be looking at private messages — not only foreigners’ phone calls and emails that have not yet had irrelevant personal information screened out, but also communications to, from, or about Americans that the N.S.A.’s foreign intelligence programs swept in incidentally.

Civil liberties advocates criticized the change, arguing that it will weaken privacy protections. They said the government should disclose how much American content the N.S.A. collects incidentally — which agency officials have said is hard to measure — and let the public debate what the rules should be for handling that information.

“Before we allow them to spread that information further in the government, we need to have a serious conversation about how to protect Americans’ information,” said Alexander Abdo, an American Civil Liberties Union lawyer.

Robert S. Litt, the general counsel in the office of the Director of National Intelligence, said that the administration had developed and was fine-tuning what is now a 21-page draft set of procedures to permit the sharing.

The goal for the final rules, Brian P. Hale, a spokesman for the office, said in a statement, is “to ensure that they protect privacy, civil liberties and constitutional rights while enabling the sharing of information that is important to protect national security.”

Until now, National Security Agency analysts have filtered the surveillance information for the rest of the government. They search and evaluate the information and pass only the portions of phone calls or email that they decide is pertinent on to colleagues at the Central Intelligence Agency, the Federal Bureau of Investigation and other agencies. And before doing so, the N.S.A. takes steps to mask the names and any irrelevant information about innocent Americans.

The new system would permit analysts at other intelligence agencies to obtain direct access to raw information from the N.S.A.’s surveillance to evaluate for themselves. If they pull out phone calls or email to use for their own agency’s work, they would apply the privacy protections masking innocent Americans’ information — a process known as “minimization” — at that stage, Mr. Litt said.

Executive branch officials have been developing the new framework and system for years. President George W. Bush set the change in motion through a little-noticed line in a 2008 executive order, and the Obama administration has been quietly developing a framework for how to carry it out since taking office in 2009.

The executive branch can change its own rules without going to Congress or a judge for permission because the data comes from surveillance methods that lawmakers did not include in the main law that governs national security wiretapping, the Foreign Intelligence Surveillance Act, or FISA.

FISA covers a narrow band of surveillance: the collection of domestic or international communications from a wire on American soil, leaving most of what the N.S.A. does uncovered. In the absence of statutory regulation, the agency’s other surveillance programs are governed by rules the White House sets under a Reagan-era directive called Executive Order 12333.

Mr. Litt declined to make available a copy of the current draft of the proposed procedures.

“Once these procedures are final and approved, they will be made public to the extent consistent with national security,” Mr. Hale said. “It would be premature to draw conclusions about what the procedures will provide or authorize until they are finalized.”

Among the things they would not address is what the draft rules say about searching the raw data using names or keywords intended to bring up Americans’ phone calls or email that the security agency gathered “incidentally” under the 12333 surveillance programs — including whether F.B.I. agents may do so when working on ordinary criminal investigations.

Under current rules for data gathered under a parallel program — the no-warrant surveillance program governed by the FISA Amendments Act — N.S.A. and C.I.A. officials may search for Americans’ information only if their purpose is to find foreign intelligence, but F.B.I. agents may conduct such a search for intelligence or law enforcement purposes. Some lawmakers have proposed requiring the government to obtain a warrant before conducting such a search.

In 2013, The Washington Post reported, based on documents leaked by the former intelligence contractor Edward J. Snowden, that the N.S.A. and its British counterpart, Government Communications Headquarters, had tapped into links connecting Google’s and Yahoo’s data centers overseas and that the American spy agency had collected millions of records a day from them. The companies have since taken steps to encrypt those links.

That collection occurred under 12333 rules, which had long prohibited the N.S.A. from sharing raw information gathered from the surveillance it governed with other members of the intelligence community before minimization. The same rule had also long applied to sharing information gathered with FISA wiretaps.

But after the attacks of Sept. 11, 2001, the Bush administration began an effort to tear down barriers that impeded different parts of the government from working closely and sharing information, especially about terrorism.

In 2002, for example, it won permission, then secret, from the intelligence court permitting the C.I.A., the F.B.I. and the N.S.A. to share raw FISA wiretap information. The government did not disclose that change, which was first reported in a 2014 New York Times article based on documents disclosed by Mr. Snowden.

In August 2008, Mr. Bush change d 12333 to permit the N.S.A. to share unevaluated surveillance information with other intelligence agencies once procedures were developed.

Intelligence officials began working in 2009 on how the technical system and rules would work, Mr. Litt said, eventually consulting the Defense and Justice Departments. This month, the administration briefed the Privacy and Civil Liberties Oversight Board, an independent five-member watchdog panel, seeking input. Before they go into effect, they must be approved by James R. Clapper, the intelligence director; Loretta E. Lynch, the attorney general; and Ashton B. Carter, the defense secretary.

“We would like it to be completed sooner rather than later,” Mr. Litt said. “Our expectation is months rather than weeks or years.”

quote:

Privacy Shield: dit houdt de datadeal tussen EU-VS in - rtlz.nl

Twee jaar werkten Europa en de Verenigde Staten aan een opvolger voor Safe Harbor, de afspraak waarmee Amerikaanse bedrijven data van Europeanen mochten verwerken en opslaan. Het Europees Hof verklaarde Safe Harbor vorig jaar ongeldig, nadat klokkenluider Edward Snowden de spionagepraktijken van de Amerikaanse geheime dienst NSA openbaarde.

Amerikaanse bedrijven raakten toen in paniek, omdat zij wettelijk gezien geen data van Europese gebruikers in de VS mochten verwerken. Met het Privacy Shield wordt dit weer mogelijk, maar zowel de Amerikaanse overheid als Amerikaanse bedrijven moeten zich voortaan aan striktere regels houden.

Dit is nieuw in Privacy Shield:

1. Amerikaanse bedrijven moeten zich registeren voor deelname aan het Privacy Shield
Dit klinkt een beetje als Safe Harbor 2.0: bedrijven moeten schriftelijk aantonen dat zij de privacy van Europese burgers waarborgen. Dat gebeurt elk jaar. Het Amerikaanse ministerie van Economische Zaken houdt er toezicht op dat bedrijven zich houden aan het Privacy Shield, en het zorgt voor een up-to-date lijst met aangesloten bedrijven. Als bedrijven zich toch niet aan het Privacy Shield houden, dan volgen er sancties.

In het Privacy Shield staat onder andere dat bedrijven data van Europese burgers alleen mogen verwerken voor 'gelimiteerde en gespecificeerde doeleinden' en dat individuen daarmee expliciet in moet stemmen. Ook moeten de data veilig worden opgeslagen zodat niet jan en alleman bij de data kan.

2. De Amerikaanse geheime dienst mag niet zomaar Europese burgers bespioneren
De Europese Commissie is tevreden met de schriftelijke garanties van de VS dat de Amerikaanse geheime dienst data van Europese burgers alleen aftapt als daar noodzaak voor is. Er zijn volgens de Europese Commissie 'duidelijke beperkingen, waarborgen en toezichtmechanismen' ingesteld voor spionage door de NSA.

Ook wordt er een onafhankelijke ombudsman in de VS aangesteld die klachten over de spionagepraktijken van de NSA behandelt. Hier kunnen Europese burgers met hun klachten terecht. Ook worden de praktijken van de geheime dienst elk jaar door de Europese Commissie opnieuw onder de loep genomen.

3. Amerikaanse bedrijven moeten klachten binnen 45 dagen in behandeling nemen
Als je een klacht indient bij een Amerikaans bedrijf over het verwerken van jouw data, moet de klacht binnen 45 dagen in behandeling worden genomen. Je kunt als gebruiker een klacht bij het bedrijf indienen of aankloppen bij de Nederlandse privacywaakhond Autoriteit Persoonsgegevens. Daarnaast krijgt het Privacy Shield een tool waarmee Europese burgers klachten over Amerikaanse bedrijven kunnen indienen. Ook wordt er een speciaal Europees panel opgericht dat dergelijke klachten in behandeling kan nemen.

4. Elk jaar wordt het Privacy Shield opnieuw beoordeeld
Het Privacy Shield wordt elk jaar door de Europese Commissie en het Amerikaanse ministerie van Economische Zaken opnieuw beoordeeld. Bij deze beoordeling worden ook de spionagepraktijken van de NSA meegenomen - en of de geheime dienst niet over de schreef is gegaan. Dat gebeurt onder andere met transparantierapporten van bedrijven, die publiceren hoe vaak ze door een overheid zijn benaderd om gegevens over te dragen.

'Een varken met tien lagen lippenstift'
Andrus Ansip, vicepresident van de Europese Commissie, is blij met de details van het Privacy Shield: "We blijven werken om het vertrouwen in de online wereld te versterken. Vertrouwen is een must, en dat wat onze digitale toekomst zal aandrijven."

Maar vertrouwen is volgens critici niet genoeg om de privacy van Europese burgers te beschermen. "De EU en VS proberen zo'n tien lagen lippenstift op een varken te smeren, maar de kernproblemen zijn duidelijk niet opgelost", schrijft Max Schrems (pdf). De Oostenrijker zorgde er met een rechtszaak tegen Facebook voor dat Safe Harbor werd afgeschaft. Schrems vindt dat zijn data op de Amerikaanse servers van Facebook niet veilig zijn, en het Europees Hof stelde hem in het gelijk.

Schrems: "De Europese Commissie claimt dat er geen 'bulkspionage' meer plaatsvindt, maar de documenten zeggen juist het tegenovergestelde." Hij doelt op een passage in het Privacy Shield, waarmee het in bulk verzamelen van data van Europese burgers door de NSA alleen is toegestaan onder zes specifieke voorwaarden, zoals omwille van counterterrorisme en cybersecurity.

Volgens Schrems zijn er genoeg mensen die met het Privacy Shield weer naar het Europees Hof stappen om de legaliteit van de afspraak te beproeven: "En ik kan zeker één van die mensen zijn."

De Autoriteit Persoonsgegevens komt vandaag met een officiële reactie op het Privacy Shield. De Nederlandse privacywaakhond moet, in samenwerking met de Artikel 29-werkgroep die bestaat uit de Europese privacytoezichthouders, nog zijn officiële goedkeuring geven.

Bron: www.rtlz.nl

quote:

Snooper's charter: wider police powers to hack phones and access web history | World news | The Guardian

Latest version of investigatory powers bill will allow police to hack people’s computers and view browsing history


Powers for the police to access everyone’s web browsing histories and to hack into phones are to be expanded under the latest version of the snooper’s charter legislation.

The extension of police powers contained in the investigatory powers bill published on Tuesday indicates the determination of the home secretary, Theresa May, to get her legislation on to the statute book by the end of this year despite sweeping criticism by three separate parliamentary committees in the past month.

Related: Technology firms' hopes dashed by 'cosmetic tweaks' to snooper's charter

The bill is designed to provide the first comprehensive legal framework for state surveillance powers anywhere in the world. It has been developed in response to the disclosure of state mass surveillance programmes by the whistleblower Edward Snowden. The government hopes it will win the backing of MPs by the summer and by the House of Lords this autumn.

May said the latest version reflected the majority of the 122 recommendations made by MPs and peers, including strengthening safeguards, enhancing privacy protections and bolstering oversight arrangements.

She has, in particular, made changes to meet concerns within the technology industry that the surveillance law would undermine encryption. The latest draft makes clear that the government will take a pragmatic approach, and no company will be required to remove encryption of its own services if it is not technically feasible. The likely costs involved will also be taken into account.

But the publication of the detailed bill has also revealed that, far from climbing down over her proposals, May intends to expand the scope of its most controversial new powers – the collection and storage for 12 months of everyone’s web browsing history, known as internet connection records – and state powers to hack into computers and smartphones.

The bill will now allow police to access all web browsing records in specific crime investigations, beyond the illegal websites and communications services specified in the original draft bill.

It will extend the use of state remote computer hacking from the security services to the police in cases involving a “threat to life” or missing persons. This can include cases involving “damage to somebody’s mental health”, but will be restricted to use by the National Crime Agency and a small number of major police forces.

Four hours after the bill’s publication the Home Office issued a highly unusual “clarification” claiming that its official response published on Tuesday listing the powers to allow the police to use computer and phone hacking as a “key change” was because they had been missed out from the draft bill.

“Documents published alongside the bill today describe the position as having changed as it was not referenced in the draft bill. However it reflects current police practice. The fact that it was not included in the draft bill was an omission that is being corrected in the final bill.”

The Home Office said the hacking powers dated from the 1997 Police Act and would most likely only be used in “exceptional circumstances” such as finding missing people. They would require a “double-lock” warrant with ministerial authorisation and judicial approval.

However evidence given to the scrutiny committee by the head of the Metropolitan police technical unit, Det Supt Paul Hudson, said such hacking powers were used “in the majority of serious crime cases” but refused to give further details in a public forum.

He described it as a “covert activity so nothing that we do under equipment interference would cause any damage or leave any trace, otherwise it would not remain covert for very long”. His colleague said they could provide MPs and peers with data on its use but it was “very confidential” and would have to remain unpublished.

Hudson acknowledged that the technology has long moved on since 1997. Legalised hacking now allows a third party to take remote control of a phone’s camera or microphone to record video and conversations taking place.

The Home Office’s claim that the legalised hacking powers had been missed out of the original draft bill and so escaped the process of pre-legislative scrutiny was greeted with scepticism by at least one member of the scrutiny committee.

The expansion of police powers to access web browsing history as part of their investigations follows pressure from the police, and the use of these powers does not need the “double-lock” ministerial authorisation.

The home secretary told MPs she had rejected the committees’ recommendations to exclude the use of state surveillance powers for the “economic wellbeing” of the UK. She also resisted their demand to scrap warrants allowing GCHQ to undertake bulk computer hacking, describing them as a “key operational requirement”.

May also underlined the “vital part” played by the security agencies’ “bulk powers” – the mass collection and storage of everyone’s communications data in Britain and the bulk interception of the content of communications of those based overseas to acquire intelligence.

The Home Office has made detailed tweaks to the original draft of the bill, including stronger protections for journalists and lawyers, six codes of practice setting out how the powers will be used, and the use of a “double-lock” authorisation of the most intrusive surveillance methods by a minister backed by the approval of a judicial commissioner.

The Home Office has acknowledged that the initial costing of the bill, at around £247m, is not set, and a final figure will be published after detailed consultations with industry.

Related: Home Office to publish revised draft of snooper's charter

May said: “This is vital legislation and we are determined to get it right. The revised bill we introduced today reflects the majority of the committees’ recommendations – we have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements – and will now be examined by parliament before passing into law by the end of 2016.

“Terrorists and criminals are operating online and we need to ensure the police and security services can keep pace with the modern world and continue to protect the British public from the many serious threats we face.”

As part of the pre-legislative process, the bill was examined by a draft scrutiny committee, the intelligence and security committee and the science and technology committee.

The MPs and peers called for a fundamental rewrite of the draft bill, with the ISC calling for privacy safeguards to be made the backbone of the legislation and the draft scrutiny committee saying the case had not yet been made for the introduction of new powers to store and access everyone’s web browsing history.

Eric King, director of the Don’t Spy On Us coalition, which includes Liberty, Privacy International and other privacy and digital rights groups, called for a rethink of the bill.

“Rather than a full redraft, we’ve been given cosmetic tweaks to a heavily criticised, deeply intrusive bill,” he said. “Reshuffling safeguards without meaningfully improving protections, authorisations or oversight does nothing to address widespread concerns about mass surveillance. The unsettling absence of a robust, technical, detailed evaluation of those bulk powers means the case still hasn’t been made, and parliament won’t have the information it needs to do its job.

“There simply isn’t time for proper scrutiny of all these powers in the time frame proposed. More than 100 experts called on the Home Office to put on the brakes. The government must think again.”

Shami Chakrabarti, director of Liberty, said: “Less than three weeks ago MPs advised 123 changes to the majorly flawed draft bill. The powers were too broad, safeguards too few and crucial investigatory powers entirely missing.

“Minor Botox has not fixed this bill. Government must return to the drawing board and give this vital, complex task appropriate time. Anything else would show dangerous contempt for parliament, democracy and our country’s security.”

Related: The Guardian view on surveillance: keep a vigilant eye on the snoopers | Editorial

Lord Strasburger, a Liberal Democrat member of the scrutiny committee on the draft bill, said nothing had changed since the committee published its report three weeks ago: “The Home Office just doesn’t do privacy. It does security and ever more intrusive powers they claim will make us safer, but not privacy. The fact that they see simply changing the name of one section to include the word ‘privacy’ as addressing the fundamental concerns about privacy protections in this bill is breath-taking,” he said.

“The speed with which the home secretary is trying to force this bill through parliament shows no respect to the joint committee and ISC who worked so hard to give them workable solutions to problems in the draft bill, to parliament, or to the British people.”
Bron: www.theguardian.com

quote:

Marechaussee onderzocht afgelopen jaar flink meer telefoons | NOS

Het afgelopen jaar heeft de Koninklijke Marechaussee een recordaantal telefoons en simkaarten onderzocht. Dat blijkt uit een WOB-verzoek (.pdf) van Freedom Inc, een organisatie die zich inzet voor de rechten van burgers.

In totaal werden 3387 telefoonchecks uitgevoerd, anderhalf keer zoveel als vorig jaar. In 2008 werden er slechts 900 checks uitgevoerd.

"Het gaat om de telefoons van mensen die we verdenken van een strafbaar feit", zegt woordvoerder Alfred Ellwanger. "Dat kan het bijvoorbeeld gaan om drugssmokkel, mensensmokkel of terrorisme. Daarnaast checken we telefoons van vreemdelingen die Nederland binnen komen, als we vermoeden dat ze door mensensmokkelaars zijn binnengebracht."

Speciale teams onderzoeken vervolgens de telefoons. "Ze kunnen nummers van mensensmokkelaars achterhalen, maar ook sms’jes of WhatsApp-berichten. Alle informatie op zo’n telefoon kan van belang zijn."

De stijging komt volgens de marechaussee doordat er op gebied van mensensmokkel meer verdachten zijn aangehouden. Verder ziet de dienst een relatie met de toename van het aantal vluchtelingen. De marechaussee benadrukt dat ze niet aan de telefoons van normale reizigers komen.

Bron: nos.nl

quote:

It Took a FOIA Lawsuit to Uncover How the Obama Administration Killed FOIA Reform

quote:

The Obama administration has long called itself the most transparent administration in history. But newly released Department of Justice (DOJ) documents show that the White House has actually worked aggressively behind the scenes to scuttle congressional reforms designed to give the public better access to information possessed by the federal government.

The documents were obtained by the Freedom of the Press Foundation, a nonprofit organization that supports journalism in the public interest, which in turn shared them exclusively with VICE News. They were obtained using the Freedom of Information Act (FOIA) — the same law Congress was attempting to reform. The group sued the DOJ last December after its FOIA requests went unanswered for more than a year.

The documents confirm longstanding suspicions about the administration's meddling, and lay bare for the first time how it worked to undermine FOIA reform bills that received overwhelming bipartisan support and were unanimously passed by both the House and Senate in 2014 — yet were never put up for a final vote.

Moreover, a separate set of documents obtained by VICE News in response to a nearly two-year-old FOIA request provides new insight into how the Securities and Exchange Commission and the Federal Trade Commission (FTC) also tried to disrupt Congress's FOIA reform efforts, which would have required those agencies to be far more transparent when responding to records requests.

The disclosures surface days before Sunshine Week, an annual celebration of open government, and a renewed effort by the House and Senate to improve the FOIA by enacting the very same reforms contained in the earlier House and Senate bills — the seventh attempt in at least 10 years by lawmakers to amend the transparency law. But the administration is again working to derail the legislation, according to congressional staffers.

The FOIA Oversight and Implementation Act of 2014, co-sponsored by then–House Oversight and Government Reform Committee Chairman Darrell Issa and ranking member Elijah Cummings, would have codified into law Obama's presidential memorandum, signed on his first day in office in 2009, that instructed all government agencies to "adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open Government." (Attorney General Eric Holder issued a set of guidelines to federal agencies a couple of months later that explained how the presumption of disclosure should be implemented.)

Additionally, the legislation called for the implementation of a centralized online portal, overseen by the Office of Management and Budget (OMB), to handle all FOIA requests and required government agencies to update their FOIA regulations. The bill unanimously passed by a vote of 410-0, one of the few pieces of legislation during President Barack Obama's tenure to receive bipartisan support.

Related: There Are 1,800 Reasons Why the Controversy Over Hillary Clinton's Emails Is Far From Over

But the administration "strongly opposed passage" of the House bill and opposed nearly every provision that would have made it easier for journalists, historians, and the public to access government records. The White House claimed it would increase the FOIA backlog, result in astronomical costs, and cause unforeseen problems with processing requests, according to a secret six-page DOJ set of talking points turned over to the Freedom of the Press Foundation along with 100 pages of internal DOJ emails about the FOIA bill.

"The Administration views [the House bill] as an attempt to impose on the Executive Branch multiple administrative requirements concerning its internal management of FOIA administration, which are not appropriate for legislative intervention and would substantially increase costs and cause delays in FOIA processing," the talking points say. "The Administration believes that the changes… are not necessary and, in many respects, will undermine the successes achieved to date by diverting scarce processing resources."

quote:

Notably, the DOJ's talking points also shed light on the ongoing turf war between the Office of Information Policy and the independent Office of Government Information Services (OGIS), also known as the FOIA ombuds office, which provides requesters with mediation services. Congressional efforts to expand OGIS's role, as cited in the bill, were interpreted by DOJ to be an encroachment on its powers. The DOJ went so far as to claim that empowering another agency to improve FOIA administration was unconstitutional.

quote:

But everything died in the House in December 2014 after then-Speaker John Boehner failed to bring up the final version for a vote. Rumors soon began to surface that the DOJ, the SEC, and the FTC, prodded by banking lobbyists, worked behind the scenes and lobbied lawmakers not to bring the legislation up for a vote. The DOJ used the same talking points to sound alarm bells about the Senate bill.

quote:

UK setting bad example on surveillance, says UN privacy chief | World news | The Guardian

Special rapporteur Joseph Cannataci says Britain should be oulawing bulk data collection rather than legitimising it

Special rapporteur Joseph Cannataci says Britain should be oulawing bulk data collection rather than legitimising it

The UK is setting a bad example to the rest of the world with proposed changes to the law on surveillance, the United Nations special rapporteur on privacy has said.

The criticism by rapporteur Joseph Cannataci is made in a report presented to the UN Human Rights Council. The report deals with privacy concerns worldwide but Cannataci, concerned about developments in the UK, has devoted a section to the British bill.

He says the British government has failed to recognise the consequences of legitimising bulk data collection or mass surveillance. Instead of legitimising it, the government should be outlawing it, he says.

MPs are scheduled to vote on the second reading of the investigatory powers bill next week. The bill is in part a response to the revelations of whistleblower Edward Snowden in 2013 about the scale of bulk data collection by intelligence agencies in the UK and US.

The bill enshrines in law a host of surveillance powers the intelligence services had kept largely hidden from the public for the last two decades, including computer hacking. In contrast with the US, which last year banned bulk data phone collection, the UK is keeping all its surveillance powers.

Cannataci, in the report, expresses serious concern and calls on MPs to use their influence to ensure “that disproportionate, privacy-intrusive measures such as bulk surveillance and bulk hacking as contemplated in the investigatory powers bill be outlawed rather an legitimised.”

He notes the influence the UK has over the commonwealth and calls on it to step back from taking disproportionate measures which could have “negative ramifications beyond the shores of the United Kingdom”.

He also urges the UK to show greater commitment to privacy and “to desist from setting a bad example to other states by continuing to propose measures, especially bulk interception and bulk hacking” which run counter to recent European court judgments and “undermine the spirit of the very right to privacy”.

Jim Killock, executive director of the Open Rights Group, welcomed the report and described the bill as deeply flawed.

“The special rapporteur’s report is yet another damning criticism of the investigatory powers bill. Not only does it call for the disproportionate powers in the bill to be outlawed rather than legitimised, it points out that the bill does not comply with recent human rights rulings, which means it could be open to legal challenges.

“The report voices another serious concern – that the impact of this extreme legislation will be felt around the world, and copied by other countries.”

Bron: www.theguardian.com

quote:

Als het aan Obama ligt, mag de FBI z'n gang gaan - rtlz.nl

President Obama liet het eerder al doorschemeren, maar nu zegt hij ook het terwijl de hele techwereld toekijkt.

"Als jouw argument is dat sterke encryptie boven alles gaat, en dat we in feite black boxes zullen creëren. Dat komt volgens mij niet overeen met de soort van balans waarin we al zo'n 200 tot 300 jaar leven." Was getekend Obama, afgelopen nacht op de tech- en muziekconferentie SXSW. Met andere woorden: de FBI moet in sommige gevallen bij je spullen kunnen. "Het fetisjeert onze telefoons boven elke andere waarde. Dat kan niet het goede antwoord zijn."

Apple versus FBI
Obama weigerde in te gaan op de zaak van de FBI tegen Apple, maar aan zijn antwoorden was wel af te leiden aan welke kant hij staat. Verder dreigde hij dat als de techwereld niet een manier vindt om de wet te dienen, dat dit juist zou kunnen leiden tot minder encryptie. "Als de tech-community zich zo blijft verzetten en er gebeurt iets echt ergs, dan zal de politiek terugslaan en slordig en gehaast worden."

Dus als de techwereld een vorm van encryptie wil bewaren, moet het maar eens starten met het tonen van goede wil. Bekijk het interview met Obama (vanaf minuut 41:21).

Bron: www.rtlz.nl

quote:

In the Apple Case, a Debate Over Data Hits Home

quote:

WASHINGTON — Three years ago, reeling from Edward J. Snowden’s disclosure of the government’s vast surveillance programs and uncertain how to respond, President Obama said he welcomed a vigorous public debate about the wrenching trade-offs between safeguarding personal privacy and tracking down potential terrorists.

“It’s healthy for our democracy,” he told reporters at the time. “I think it’s a sign of maturity.”

But the national debate touched off this winter by the confrontation between the Justice Department and Apple over smartphone security is not exactly the one Mr. Obama had in mind.

Mr. Snowden’s revelations produced modest changes and a heightened suspicion of the government’s activities in cyberspace. Because the issue now centers on a device most Americans carry in their pockets, it is concrete and personal in a way that surveillance by the National Security Agency never was.

The trade-offs seem particularly stark because they have been framed around a simple question: Should Apple help the F.B.I. hack into an iPhone used by a gunman in the massacre last December in San Bernardino, Calif.?

Law enforcement officials have been adamant they must be able to monitor the communications of criminals. They received a vote of confidence from Mr. Obama on Friday, when he said the “absolutist” position taken by companies like Apple is wrong. But the pushback has been enormous.

In the month since a judge ordered Apple to comply with the F.B.I., the debate has jumped from the tech blogs to the front pages of daily newspapers and nightly newscasts. Supporters of the company’s position have held rallies nationwide. Late-night comedians have lampooned government snoopers. Timothy D. Cook, the usually publicity-shy Apple chief executive, pleaded his case on “60 Minutes” last December. On Twitter, “#encryption” fills the screen with impassioned debate on both sides.

“Discussing the case with my friends has become a touchy subject,” said Matthew Montoya, 19, a computer science major at the University of Texas, El Paso. “We’re a political bunch with views from all across the spectrum.”

Like many of her friends, Emi Kane, a community organizer in Oakland, Calif., recently found herself arguing via Facebook with a family friend about the case. Ms. Kane thought Apple was right to refuse to hack the phone; her friend, a waitress in Delaware, said she was disgusted by Apple’s lack of patriotism.

After exchanging several terse messages, they agreed to disagree. “It was a hard conversation,” Ms. Kane said.

The novelist Russell Banks, who signed a letter to Attorney General Loretta Lynch on behalf of Apple, said he had spoken with more than a dozen people about the case just in the last week.

“It’s not just people in the tech industry talking about this,” Mr. Banks, the author of “Affliction” and “The Sweet Hereafter,” said. “It’s citizens like myself.”

That may be because the Apple case involves a device whose least interesting feature is the phone itself. It is a minicomputer stuffed with every detail of a person’s life: photos of children, credit card purchases, texts with spouses (and nonspouses), and records of physical movements.

Mr. Obama warned Friday against “fetishizing our phones above every other value.” After avoiding taking a position for months, he finally came down on the side of law enforcement, saying that using technology to prevent legal searches of smartphones was the equivalent of preventing the police from searching a house for evidence of child pornography.

“That can’t be the right answer,” he said at the South by Southwest festival in Texas, even as he professed deep appreciation for civil liberties and predicted both sides would find a way to cooperate. “I’m confident this is something that we can solve.”

But polls suggest the public is nowhere near as certain as Mr. Obama. In surveys, Americans are deeply divided about the legal struggle between the government and one of the nation’s most iconic companies. The polls show that Americans remain anxious about both the threat of terrorist attacks and the possible theft of personal digital information.

A Wall Street Journal/NBC News survey released last week found that 42 percent of Americans believed Apple should cooperate with law enforcement officials to help them gain access to the locked phone, while 47 percent said Apple should not cooperate. Asked to weigh the need to monitor terrorists against the threat of violating privacy rights, the country was almost equally split, the survey found.

That finding may have seemed unlikely in the wake of terrorist attacks last year in Paris and San Bernardino. In December, eight in 10 people said in a New York Times/CBS News survey that it was somewhat or very likely that there would be a terrorist attack in the United States in the coming months. A CNN poll the same month found that 45 percent of Americans were somewhat or very worried that they or someone in their family would become a victim of terrorism.

But despite the fears about terrorism, the public’s concern about digital privacy is nearly universal. A Pew Research poll in 2014 found more than 90 percent of those surveyed felt that consumers had lost control over how their personal information was collected and used by companies.

The Apple case already seems to have garnered more public attention than the Snowden revelations about “metadata collection” and programs with code names like Prism and XKeyscore. The comedian John Oliver once mocked average Americans for failing to know whether Mr. Snowden was the WikiLeaks guy or the former N.S.A. contractor (he was the latter).

Now, people are beginning to understand that their smartphones are just the beginning. Smart televisions, Google cars, Nest thermostats and web-enabled Barbie dolls are next. The resolution of the legal fight between Apple and the government may help decide whether the information in those devices is really private, or whether the F.B.I. and the N.S.A. are entering a golden age of surveillance in which they have far more data available than they could have imagined 20 years ago.

“It’s an in-your-face proposition for lots more Americans than the Snowden revelation was,” said Lee Rainie, director of Internet, science and technology research at Pew Research Center.

Cindy Cohn, executive director of the Electronic Frontier Foundation, said: “Everyone gets at a really visceral level that you have a lot of really personal stuff on this device and if it gets stolen it’s really bad. They know that the same forces that work at trying to get access to sensitive stuff in the cloud are also at work attacking the phones.”

For the F.B.I. and local law enforcement agencies, the fight has become a high-stakes struggle to prevent what James B. Comey, the bureau’s director, calls “warrant-free zones” where criminals can hide evidence out of reach of the authorities.

Officials had hoped the Apple case involving a terrorist’s iPhone would rally the public behind what they see as the need to have some access to information on smartphones. But many in the administration have begun to suspect that the F.B.I. and the Justice Department may have made a major strategic error by pushing the case into the public consciousness.

Many senior officials say an open conflict between Silicon Valley and Washington is exactly what they have been trying to avoid, especially when the Pentagon and intelligence agencies are trying to woo technology companies to come back into the government’s fold, and join the fight against the Islamic State. But it appears it is too late to confine the discussion to the back rooms in Washington or Silicon Valley.

The fact that Apple is a major consumer company “takes the debate out of a very narrow environment — the universe of technologists and policy wonks — into the realm of consumers where barriers like the specific language of Washington or the technology industry begins to fall away,” said Malkia Cyril, the executive director of the Center for Media Justice, a grass-roots activist network.

That organization and other activist groups like Black Lives Matter have seized on the issue as important for their members. In February the civil liberties group Fight for the Future organized the day of protest against the government order that resulted in rallies in cities nationwide.

“When we heard the news and made a call for nationwide rallies, one happened in San Francisco that same day,” said Tiffiniy Cheng, co-founder of Fight for the Future. “Things like that almost never happen.”

Ms. Cyril says the public angst about the iPhone case feels more urgent than did the discussion about government surveillance three years ago.

“This is one of those moments that defines what’s next,” she said. “Will technology companies protect the privacy of their users or will they do work for the U.S. government? You can’t do both.”

quote:

Beveiligde e-maildienst ProtonMail nu voor iedereen te gebruiken

quote:

Na twee jaar heeft de beveiligde e-maildienst ProtonMail zijn deuren geopend. Iedereen kan een gratis account aanmaken.

E-mailverkeer is lastig te beveiligen, maar de Zwitserse start-up ProtonMail wil daar verandering in brengen. In 2014 haalde het bedrijf een half miljoen dollar op om een dienst te maken die net zo gemakkelijk is als Gmail, maar ook zo veilig is dat zelfs NSA-klokkenluider Edward Snowden het kan gebruiken. Nu opent ProtonMail voor iedereen zijn deuren.

End-to-end-encryptie
ProtonMail maakt gebruik van end-to-end-encryptie, waardoor de inhoud van een e-mail alleen voor de ontvanger is in te zien. Dit gebeurt automatisch bij e-mailtjes tussen ProtonMail-gebruikers, maar de functie is ook in te schakelen als je een e-mail stuurt naar bijvoorbeeld een Gmail-adres. De ontvanger wordt dan naar een pagina geleid waar degene een wachtwoord in moet vullen om de e-mail te lezen en te reageren. Het wachtwoord kan via een andere veilige verbinding worden gegeven, zoals de chat-app Signal.

Daarnaast versleutelt ProtonMail de inhoud van je inbox. Elke gebruiker logt in met een e-mailadres en wachtwoord, maar moet na het inloggen nog een extra wachtwoord invullen om toegang te krijgen tot de inbox. Alle e-mails, bijlages en informatie staan versleuteld op de servers van ProtonMail, en alleen jij hebt het wachtwoord om de versleuteling op te heffen.

Betaalde accounts
Iedereen kan bij ProtonMail een gratis account aanmaken, maar er is ook een optie voor twee betaalde varianten. De goedkoopste kost 5 euro per maand of 48 euro per jaar en biedt de optie om een eigen domein te gebruiken, zoals jouwnaam@jouwdomein.nl, en 5GB opslag. De duurste versie kost 30 euro per maand of 288 euro en biedt ondersteuning voor tien verschillende domeinnamen en 20GB opslag.

Naast het beschikbaar maken van de e-maildienst brengt ProtonMail ook officieel zijn Android- en iOS-app uit. De start-up groeit hard, want ProtonMail heeft inmiddels een miljoen gebruikers. Dat komt onder andere omdat de dienst prominent in beeld kwam tijdens de hackerserie Mr. Robot.

Voor iedereen toegankelijk maken
"ProtonMail is ontwikkeld om je te beschermen tegen massasurveillance", zei oprichter Andy Yen eerder in een gesprek met RTL Z. "Om dit te bewerkstelligen, is het belangrijk om encryptie voor iedereen toegankelijk en gemakkelijk in gebruik te maken."

"We zijn echt niet een e-maildienst voor iedereen, maar wel voor de grote groep mensen die het niet eens is met de massaspionage door overheden."

quote:

Na Brussel willen EU-ministers directe toegang tot data - rtlz.nl

Europese ministers willen een nieuwe wet waarmee inlichtingendiensten en politie direct toegang krijgen tot telecommunicatie en online data. Daarmee moeten terreurverdachten sneller worden opgespoord.

De Europese ministers van Veiligheid en Justitie zouden de eerste versie van de wet in juni van dit jaar presenteren. "In het licht van de gebeurtenissen (in Brussel) zijn we overtuigd dat het noodzakelijk is om [...] manieren te vinden om digitaal bewijs sneller en effectiever te verkrijgen en veilig te stellen", staat in de verklaring van de ministers na afloop.

Europese communicatiedienstverleners moeten volgens de conceptwet 'directe toegang' bieden aan wetshandhavingsinstanties. Dit betekent bijvoorbeeld dat een telecomprovider als KPN of Vodafone nauwer moeten samenwerken met de AIVD en politie om toegang te geven tot hun data. Daarnaast wil de EU ook het Midden-Oosten aansporen om hulp te bieden waar nodig.

Gezamenlijk platform
Naast directere toegang pleiten de Europese ministers voor een betere samenwerking tussen de inlichtingendiensten van Europese landen. Zo zouden alle inlichtingendiensten een gezamenlijk platform moeten krijgen waarmee ze direct data met elkaar kunnen delen.

Parijs
Na de aanslagen in Parijs stelde de Franse regering soortgelijke wetten voor. Naast Frankrijk is ook het Verenigd Koninkrijk voorstander voor verscherpte surveillancewetten.

In Nederland wordt er gewerkt aan twee nieuwe wetten waarmee de AIVD en politie meer bevoegdheden krijgen. De AIVD kan met de nieuwe surveillancewet op grotere schaal digitale informatie aftappen, de politie krijgt met het wetsvoorstel Wet Computercriminaliteit III de bevoegdheid om verdachten te hacken.

Bron: www.rtlz.nl

quote:

A Conversation on Privacy

quote:

The balance between national security and government intrusion on the rights of private citizens will be the topic of a panel discussion featuring renowned linguist and MIT professor Noam Chomsky, NSA whistleblower Edward Snowden, and Intercept co-founding editor Glenn Greenwald. Nuala O’Connor, president and CEO of the Center for Democracy and Technology, will act as moderator.

Chomsky and Greenwald will appear in person at the event, hosted in Tucson by the University of Arizona College of Behavioral Sciences, while Snowden will appear via videoconference.

The Intercept is streaming the event live on this page, and the conversation will be archived here in full.

quote:

Mass surveillance silences minority opinions, according to study

quote:

A new study shows that knowledge of government surveillance causes people to self-censor their dissenting opinions online. The research offers a sobering look at the oft-touted "democratizing" effect of social media and Internet access that bolsters minority opinion.

The study, published in Journalism and Mass Communication Quarterly, studied the effects of subtle reminders of mass surveillance on its subjects. The majority of participants reacted by suppressing opinions that they perceived to be in the minority. This research illustrates the silencing effect of participants’ dissenting opinions in the wake of widespread knowledge of government surveillance, as revealed by whistleblower Edward Snowden in 2013.

The “spiral of silence” is a well-researched phenomenon in which people suppress unpopular opinions to fit in and avoid social isolation. It has been looked at in the context of social media and the echo-chamber effect, in which we tailor our opinions to fit the online activity of our Facebook and Twitter friends. But this study adds a new layer by explicitly examining how government surveillance affects self-censorship.

Participants in the study were first surveyed about their political beliefs, personality traits and online activity, to create a psychological profile for each person. A random sample group was then subtly reminded of government surveillance, followed by everyone in the study being shown a neutral, fictional headline stating that U.S. airstrikes had targeted the Islamic State in Iraq. Subjects were then asked a series of questions about their attitudes toward the hypothetical news event, such as how they think most Americans would feel about it and whether they would publicly voice their opinion on the topic. The majority of those primed with surveillance information were less likely to speak out about their more nonconformist ideas, including those assessed as less likely to self-censor based on their psychological profile.

Elizabeth Stoycheff, lead researcher of the study and assistant professor at Wayne State University, is disturbed by her findings.

quote:

The most wanted man in the world

^{By James Banford}

quote:

I’ve had several occasions to stay at the Metropol during my three decades as an investigative journalist. I stayed here 20 years ago when I interviewed Victor Cherkashin, the senior KGB officer who oversaw American spies such as Aldrich Ames and Robert Hanssen. And I stayed here again in 1995, during the Russian war in Chechnya, when I met with Yuri Modin, the Soviet agent who ran Britain’s notorious Cambridge Five spy ring. When Snowden fled to Russia after stealing the largest cache of secrets in American history, some in Washington accused him of being another link in this chain of Russian agents. But as far as I can tell, it is a charge with no valid evidence.

I confess to feeling some kinship with Snowden. Like him, I was assigned to a National Security Agency unit in Hawaii—in my case, as part of three years of active duty in the Navy during the Vietnam War. Then, as a reservist in law school, I blew the whistle on the NSA when I stumbled across a program that involved illegally eavesdropping on US citizens. I testified about the program in a closed hearing before the Church Committee, the congressional investigation that led to sweeping reforms of US intelligence abuses in the 1970s. Finally, after graduation, I decided to write the first book about the NSA. At several points I was threatened with prosecution under the Espionage Act, the same 1917 law under which Snowden is charged (in my case those threats had no basis and were never carried out). Since then I have written two more books about the NSA, as well as numerous magazine articles (including two previous cover stories about the NSA for WIRED), book reviews, op-eds, and documentaries.

quote:

And there’s another prospect that further complicates matters: Some of the revelations attributed to Snowden may not in fact have come from him but from another leaker spilling secrets under Snowden’s name. Snowden himself adamantly refuses to address this possibility on the record. But independent of my visit to Snowden, I was given unrestricted access to his cache of documents in various locations. And going through this archive using a sophisticated digital search tool, I could not find some of the documents that have made their way into public view, leading me to conclude that there must be a second leaker somewhere. I’m not alone in reaching that conclusion. Both Greenwald and security expert Bruce Schneier—who have had extensive access to the cache—have publicly stated that they believe another whistle-blower is releasing secret documents to the media.

In fact, on the first day of my Moscow interview with Snowden, the German newsmagazine Der Spiegel comes out with a long story about the NSA’s operations in Germany and its cooperation with the German intelligence agency, BND. Among the documents the magazine releases is a top-secret “Memorandum of Agreement” between the NSA and the BND from 2002. “It is not from Snowden’s material,” the magazine notes.

Some have even raised doubts about whether the infamous revelation that the NSA was tapping German chancellor Angela Merkel’s cell phone, long attributed to Snowden, came from his trough. At the time of that revelation, Der Spiegel simply attributed the information to Snowden and other unnamed sources. If other leakers exist within the NSA, it would be more than another nightmare for the agency—it would underscore its inability to control its own information and might indicate that Snowden’s rogue protest of government overreach has inspired others within the intelligence community. “They still haven’t fixed their problems,” Snowden says. “They still have negligent auditing, they still have things going for a walk, and they have no idea where they’re coming from and they have no idea where they’re going. And if that’s the case, how can we as the public trust the NSA with all of our information, with all of our private records, the permanent record of our lives?”

quote:

British mobile phone users’ movements 'could be sold for profit’ | World news | The Guardian

Hackers could steal users’ location data, finding out ‘where you are, how you got there and where you are going’, say campaigners

British mobile phone users are one data breach away from having the routines of their daily lives revealed to criminals, privacy campaigners have said.

Mobile phone networks and wireless hotspot operators are collecting detailed information on customers’ movements that reveal intimate details of their lives, two separate investigations into mobile data retention have found.

Many people unwittingly sign up to be location-tracked 24/7, unaware that the highly sensitive data this generates is being used and sold on for profit. Campaigners say that if this information were stolen by hackers, criminals could use it to target children as they leave school or homes after occupants have gone out.

It is so detailed that it can reveal customers’ gender, sexual orientation, religion and other many personal details that could present serious risks of blackmail.

“Effectively consumers are opting in to being location tracked by default,” said Geoff Revill, the founder of Krowdthink, the privacy campaign group behind one of the investigations published on Monday.

“The fact of the matter is your mobile service provider knows – without you knowing – where you are, how you got there and can figure out where you are going.”

Related: UK plans to track all internet connections could cost £1bn, campaigners warn

Such precise location data would be like “gold dust” for criminals if it found its way on to the black market, said Pete Woodward, the founder of information security experts Securious.

“The information that mobile and Wi-Fi service providers hold on location tracking is an evolving and high-risk area of cybercrime that needs urgent attention by the industry,” Woodward said. “Otherwise we will face the frightening prospect that such highly sensitive data could get into the hands of the likes of kidnappers and paedophiles.”

Krowdthink’s research found that 93% of UK citizens had opted in to location tracking, giving mobile phone and wireless operators unlimited access to their whereabouts 24 hours a day.

This data, the report says, “brings the cloud into the crowd” by connecting web users’ digital lives with their physical lives, making it one of the most intrusive forms of tracking.

Yet Krowdthink’s research, and research conducted simultaneously but independently by the Open Rights Group (ORG), found that customers were not being given clear enough information about how the data is used, or opportunities to opt out of collection.

Mystery shopping trips carried out by both groups found that mobile and wireless service providers are not telling customers upfront that all their movements will be tracked and used for marketing, and often sold on to third parties.

All the mobile phone companies contacted by the ORG said they anonymise data, which means they are not legally obliged to ask for consent to use it. But the group, which campaigns for digital rights, raised questions about the efficacy of anonymising such personal information.

Often all it takes is the cross-referencing of one set of anonymised data with another set of data, such as the electoral roll, to reveal the identities of the people tracked. Jim Killock, the ORG’s executive director, said: “Mobile service providers need to collect and keep data so that they can bill us for our services.

“But just because they collect this data does not mean that they have an automatic right to process that data for other purposes without our consent. If they don’t, they are removing our right to control this data and the risks associated with their using it.”

Related: There’s always an excuse to hack into our lives | John Naughton

Britain’s mobile phone industry is worth £14bn, with 93% of adults owning a mobile phone and 61% owning a smartphone. Data collected from these phones, including usage, web browsing and location histories, is used to build profiles that are used by advertisers and other undefined businesses.

Location data is collected from the cell towers of a mobile service provider when it tracks a customer to route a call to them. There are now 52,000 cell towers in Britain. In some areas they are as close as 50 metres apart.

Wireless hotspots are also potential location trackers, with many public providers opting customers into tracking by default in their terms and conditions. In many cases these hotspots will log registered customers’ location as they pass through, even if they do not sign in.

Krowdthink’s investigation found that some providers, including O2 and Vodafone, use the same privacy policy for wireless as for their mobile phone customers. The combination of the two networks enables them to track location with even greater fidelity of location tracking.

However, customers do have a legal right to opt out of location tracking for marketing purposes and, with the forthcoming European General Data Protection Regulation, will soon be able to demand that their location data is deleted.

Krowdthink and the ORG warn mobile users to turn off wireless internet when they are out to avoid disclosing their identities as they pass through hotspots. They also warn people to be aware that they could be providing information on their location when sharing digital photos and video images and downloading mobile apps.

Killock added: “Mobile phone companies should improve the transparency of their operations by making their privacy polices clearer, giving customers’ information about what exact data they are collecting, how long they will keep it for, how each particular type of data will be used, who it will be shared with and the risks associated with this.

“They should also make contracts available before the point of sale and marketing and location tracking opt-outs simpler.”

• The headline on this article was changed on 4 April 2016 to better reflect the story.

Bron: www.theguardian.com

quote:

WhatsApp is nu één van de veiligste chat-apps - rtlz.nl

WhatsApp is sinds vandaag één van de veiligste chat-apps die je kunt gebruiken. De dienst heeft een krachtige vorm van encryptie doorgevoerd, die beschikbaar is voor alle vormen van communicatie met de app.

Dat maakt WhatsApp vandaag bekend. Opvallend genoeg is de beveiliging sinds de overname door Facebook alleen maar opgeschroefd, terwijl gebruikers door die overname juist vreesden voor hun privacy. Het proces om de krachtige end-to-end-encryptie door te voeren, waarmee berichten alleen door de ontvanger kunnen worden ingezien, heeft ongeveer een jaar geduurd.

Open Whisper Systems
De end-to-end-encryptie van WhatsApp is gebaseerd op het Signal-protocol van Open Whisper Systems, het bedrijf achter de beveiligde chat-app Signal. De oprichter van Open Whisper Systems, Moxie Marlinspike, is een bekende privacyvoorvechter die in 2013 aan WhatsApp voorstelde om hun beveiliging op te schroeven. De ceo van WhatsApp, Jan Koum, stemde daarmee in. Ook heeft Koum zich verschillende keren publiekelijk uitgelaten over het belang van privacy en encryptie.

WhatsApp beveiligt vanaf vandaag je (groeps)chats, verzonden en ontvangen (media)bestanden en telefoongesprekken tussen alle platformen: Android, iOS, Windows Phone, Nokia S40, Nokia S60, BlackBerry en BlackBerry 10. De chatdienst wordt wereldwijd door 1 miljard mensen gebruikt.

"In sommige opzichten kun je end-to-end-encryptie zien als het eren van hoe het verleden eruitzag", legt Marlinspike uit aan Wired. "Onze communicatie gaat steeds vaker via netwerken in plaats van face-to-face of andere traditionele vormen die privé zijn. Zelfs schriftelijke correspondentie werd niet zo onderworpen aan massasurveillance als elektronische communicatie vandaag de dag."

Elkaar checken via QR-code
Bij de gesprekken in WhatsApp komt een melding te staan als er gebruik wordt gemaakt van end-to-end-encryptie. Als de ontvanger een oudere versie van WhatsApp gebruikt, staat de melding er niet. WhatsApp-gebruikers kunnen elkaar verifiëren met een qr-code of lange cijfercode, waardoor je kunt checken of je daadwerkelijk met de juiste persoon communiceert.

De encryptie van WhatsApp is, net als bij alle andere 'veilige' apps en diensten, niet 100 procent veilig. Het Signal-protocol kan bijvoorbeeld vanaf de server worden uitgeschakeld. Daarnaast uploaden veel gebruikers nog een onbeveiligde back-up van hun WhatsApp-geschiedenis naar de cloud, wat ook voor beveiligingsproblemen kan zorgen. Het is dus veiliger om die automatische back-up uit te zetten.

Het vertrouwen in Marlinspike en het Signal-protocol is daarentegen groot, want zelfs NSA-klokkenluider Edward Snowden zegt dat je de beveiliging achter Signal - en dus ook WhatsApp - kunt vertrouwen.

Bron: www.rtlz.nl

quote:

Europese privacywaakhonden vinden datadeal EU-VS te slap - rtlz.nl

Dat zegt Jacob Kohnstamm, voorzitter van de Nederlandse privacywaakhond Autoriteit Persoonsgegevens (AP), tegen RTL Z. De AP maakt onderdeel uit van de Artikel 29-werkgroep, die bestaat uit de Europese privacywaakhonden. De werkgroep is kritisch op het Privacy Shield.

Niet bindend, wel belangrijk
Het advies van de Artikel 29-werkgroep is niet bindend, maar wel belangrijk voor de ontwikkeling van de Privacy Shield-overeenkomst. De Europese Commissie heeft de privacywaakhonden om advies gevraagd. Dat is verplicht.

De Europese Commissie en Verenigde Staten hebben in februari een politieke deal gesloten waardoor het voor de meer dan 4000 Amerikaanse bedrijven, zoals Facebook, Google en Microsoft, mogelijk blijft om gegevens van Europeanen te verwerken. Denk bijvoorbeeld aan e-mailadressen, foto's en zoekopdrachten. Het Privacy Shield vervangt een oude overeenkomst, die vorig jaar ongeldig werd verklaard door het Europees Hof.

Kohnstamm denkt dat de Europese Commissie nog een 'reuze klus' heeft om het Privacy Shield rond te krijgen: "De overeenkomst zoals hij er nu ligt, beschermt de privacy van Europeanen niet voldoende."

Drie grote zorgen
De zorgen rondom het Privacy Shield vormen zich voornamelijk rondom drie onderwerpen: de internetsurveillance van de Amerikaanse geheime dienst, de onafhankelijke ombudsman die klachten over die surveillance in behandeling neemt en het opslaan van data.

Allereerst zijn de privacywaakhonden van mening dat er nog te weinig zekerheden zijn dat data van Europese burgers niet onderworpen zal worden aan de willekeurige massasurveillance van de NSA. Daarvoor biedt Privacy Shield te weinig waarborgen.

Ook wordt getwijfeld aan de onafhankelijkheid van de Amerikaanse ombudsman: hoe onafhankelijk is een Amerikaanse klachtbehandelaar die Europese klachten over de Amerikaanse regering behandelt? Volgens Kohnstamm worden Europeanen met het Privacy Shield 'bijna als Noord-Koreanen' behandeld: "Het hele klachtproces is enorm ondoorzichtig en we vrezen dat klachten van Europeanen niet serieus worden gehoord."

Het derde punt waar de privacyautoriteiten zijn bedenkingen bij heeft, is de manier waarop gegevens in de VS worden bewaard. In Europa geldt een wet dat data alleen wordt bewaard als dat strikt noodzakelijk is. "Zo'n bepaling zien wij niet terug in het Privacy Shield", laat Kohnstamm weten.

Lobbyen
Tegenover de kritische privacyorganisaties staat het Amerikaanse bedrijfsleven, dat afhankelijk is van data-uitwisseling tussen Europa en de VS. Zij hebben de afgelopen periode flink gelobbyt om het Privacy Shield erdoorheen te krijgen. Onder andere Microsoft steunt de datadeal.

De Europese Commissie heeft als doel om voor deze zomer het Privacy Shield rond te krijgen. Na de zomer beginnen de presidentiële verkiezingen in de VS, waardoor de aandacht van de Amerikaanse politiek vooral daarnaartoe gaat.

Het advies van de autoriteiten is ook belangrijk voor het Europees Parlement en de Europese Raad. Het Europees Parlement kan advies geven over het Privacy Shield. De Europese Raad, die bestaat uit de bestuurders van de Europese landen, moet het Privacy Shield nog officieel goedkeuren.

Bron: www.rtlz.nl

quote:

EFF Sues for Secret Court Orders Requiring Tech Companies to Decrypt Users’ Communications

quote:

San Francisco—The Electronic Frontier Foundation (EFF) filed a Freedom of Information (FOIA) lawsuit today against the Justice Department to shed light on whether the government has ever used secret court orders to force technology companies to decrypt their customers’ private communications, a practice that could undermine the safety and security of devices used by millions of people.

The lawsuit argues that the DOJ must disclose if the government has ever sought or obtained an order from the Foreign Intelligence Surveillance Court (FISC) requiring third parties—like Apple or Google—to provide technical assistance to carry out surveillance.

The suit separately alleges that the agency has failed to turn over other significant FISC opinions that must be declassified as part of surveillance reforms that Congress enacted with the USA FREEDOM Act.

EFF filed its FOIA requests in October and March amid increasing government pressure on technology companies to provide access to customers’ devices and encrypted communications for investigations. Although the FBI has sought orders from public federal courts to create a backdoor to an iPhone, it is unclear to what extent the government has sought or obtained similar orders from the FISC. The FISC operates mostly in secret and grants nearly every government surveillance request it receives.

The FBI’s controversial attempt to force Apple to build a special backdoor to an iPhone after the San Bernardino attacks underscored EFF’s concerns that the government is threatening the security of millions of people who use these devices daily. Many citizens, technologists and companies expressed similar outrage and concern over the FBI’s actions.

Given the public concern regarding government efforts to force private companies to make their customers less secure, EFF wants to know whether similar efforts are happening in secret before the FISC. There is good reason to think so. News outlets have reported that the government has sought FISC orders and opinions requiring companies to turn over source code so that federal agents can find and exploit security vulnerabilities for surveillance purposes.

Whether done in public or in secret, forcing companies to weaken or break encryption or create backdoors to devices undermines the safety and security of millions of people whose laptops and smartphones contain deeply personal, private information, said EFF Senior Staff Attorney Nate Cardozo.

“If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users’ communications, the public has a right to know about those secret demands to compromise people’s phones and computers,” said Cardozo. “The government should not be able to conscript private companies into weakening the security of these devices, particularly via secret court orders.”

In addition to concerns about secret orders for technical assistance, the lawsuit is also necessary to force the government to comply with the USA FREEDOM Act, said EFF Senior Staff Attorney Mark Rumold. Transparency provisions of the law require FISC decisions that contain significant or novel legal interpretations to be declassified and made public. However, the government has argued that USA FREEDOM only applies to significant FISC decisions written after the law was passed.

“Even setting aside the existence of technical assistance orders, there’s no question that other, significant FISC opinions remain hidden from the public. The government’s narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress’ intent,’’ said Rumold. “Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law.”

For the full complaint:
https://www.eff.org/document/fisc-foia-complaint

quote:

'Geheime diensten willen chat-apps aftappen' - rtlz.nl

Met de aankomende 'aftapwet' wordt het voor de geheime diensten mogelijk om internetverkeer te onderscheppen. Daarmee wil de AIVD bijvoorbeeld gebruikers van specifieke apps in de gaten houden.

In een document dat is ingezien door de NOS vraagt het ministerie van Binnenlandse Zaken aan internetproviders om een kostenberekening te maken voor een fictieve tapopdracht. De fictieve tapopdracht bestaat uit een stad met 400.000 inwoners die een specifieke chat-app gebruiken, waarvan het internetverkeer van 200 gebruikers moet worden 'doorzocht'.

In het fictieve voorbeeld zou het kunnen gaan om gebruikers van een specifieke chat-app die populair is onder jihadisten. Er wordt dan gekeken welke ip-adressen deze app gebruiken en - indien mogelijk - met wie zij communiceren, om vervolgens nader onderzoek te verrichten en bijvoorbeeld de communicatie in te zien.

Op de vraag van RTL Z waarom het voorbeeld van een tapopdracht zich specifiek richt op een stad en chat-apps, wil het ministerie van Binnenlandse Zaken niet reageren.

Zorgt voor een sleepnet
Met de fictieve tapopdracht wordt de indruk gewekt dat de aankomende Wet op de inlichtingen- en veiligheidsdiensten voor een 'sleepnet' zorgt. Bij een sleepnet onderscheppen de geheime diensten een grote hoeveelheid data, om vervolgens de informatie te analyseren.

Minister Plasterk heeft vorige week ontkend dat er een sleepnet komt, en benadrukt dat de nieuwe wet het bijvoorbeeld mogelijk maakt om alle communicatie tussen Nederland en Syrië af te tappen. Op de vraag of de AIVD ook specifieke wijken of steden wil aftappen omdat zich daar mogelijk een terrorismeverdachte schuilhoudt, wilde Plasterk niet inhoudelijk reageren.

Alleen bij specifieke onderzoeken
Een woordvoerder van Binnenlandse Zaken benadrukt tegen RTL Z dat de tapbevoegdheid alleen bij een specifieke onderzoeksopdracht mag worden ingezet, die naast de minister ook door een onafhankelijke commissie van rechters wordt getoetst.

Het contact met internetproviders is volgens de woordvoerder verplicht omdat voor de aankomende wet een 'bedrijfseffectentoets' moet worden gehouden. Bij zo'n toets worden de potentiële kosten voor de sector in kaart gebracht.

Gaat miljoenen kosten
"Het gaat om ontzettend veel data, bijna onwerkbaar", zegt een anonieme medewerker uit de telecomindustrie die de netwerken aftapbaar moet maken, tegen de NOS. Volgens hem gaat de nieuwe wet miljoenen euro's kosten.

De afgelopen maanden zijn veel techbedrijven overgestapt op end-to-end-encryptie, waarmee communicatie wordt versleuteld. Hierdoor is het voor de geheime diensten lastiger om de afgetapte communicatie in te zien.

17:30
Bron: www.rtlz.nl

quote:

'Britse inlichtingendiensten harkten info bijeen over gewone Britten' | NOS

De Britse inlichten- en veiligheidsdiensten hebben de afgelopen vijftien jaar regelmatig bulkinformatie verzameld over gewone Britten. Die informatie had weinig toegevoegde waarde, zeggen de diensten zelf.

Dit concludeert onder andere The Guardian uit meer dan 100 beleidsdocumenten, formulieren en memo's, die openbaar zijn gemaakt tijdens een rechtszaak van privacy-activisten tegen de Britse overheid.

Sinds 1998 verzamelt de inlichtingendienst GCHQ grote bestanden met daarin bijvoorbeeld paspoortinformatie, reisschema's, financiële gegevens, telefoontjes en e-mails. De bestanden worden dan samengevoegd om daaruit 'verdachten' te filteren. Hoeveel Britten er in de bestanden van de diensten zitten, is niet bekend.

Volgens de regering wordt er altijd verantwoord met de informatie omgegaan en lopen alleen criminelen en terroristen het risico om te worden bespioneerd. Uit de documenten blijkt dat de diensten regelmatig hun boekje te buiten gaan. "We hebben gevallen meegemaakt van misbruik (...) zoals het opzoeken van een adres voor een kaartje, het controleren van paspoortgegevens of details van familie controleren voor eigen gebruik," citeert The Guardian.

De diensten krijgen binnen de huidige Britse wet veel ruimte om data te verzamelen, concluderen de activisten. "De documenten laten zien op wat voor enorme schaal de overheid onze data bij elkaar harkt," zegt Millie Graham Wood van Privacy International, dat de documenten had opgevraagd.

Bron: nos.nl

quote:

Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption by 7 Years

THE DIRECTOR OF NATIONAL INTELLIGENCE on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption.

“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.

The shortened timeline has had “a profound effect on our ability to collect, particularly against terrorists,” he said.

When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. “The projected growth maturation and installation of commercially available encryption — what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks.”

Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no.

“From our standpoint, it’s not … it’s not a good thing,” he said.

Technologists have been tirelessly working to strengthen encryption for decades, not just the past few years. But Snowden’s revelations about the pervasiveness of mass surveillance clearly accelerated its more widespread availability.

And technologists say the threat of law enforcement “going dark” has been overhyped. For instance, there are almost always ways to hack around encryption, even if you can’t break it.

Clapper acknowledged that there is no such thing as unbreakable encryption from his perspective. “In the history of mankind, since we’ve been doing signals intelligence, there’s really no such thing, given proper time, and proper application of technology.”

quote:

Traffic to Wikipedia terrorism entries plunged after Snowden revelations, study finds | Reuters

By Joseph Menn

SAN FRANCISCO (Reuters) - Internet traffic to Wikipedia pages summarizing knowledge about terror groups and their tools plunged nearly 30 percent after revelations of widespread Web monitoring by the U.S. National Security Agency, suggesting that concerns about government snooping are hurting the ordinary pursuit of information.

A forthcoming paper in the Berkeley Technology Law Journal analyzes the fall in traffic, arguing that it provides the most direct evidence to date of a so-called “chilling effect,” or negative impact on legal conduct, from the intelligence practices disclosed by fugitive former NSA contractor Edward Snowden.

Author Jonathon Penney, a fellow at the University of Toronto’s interdisciplinary Citizen Lab, examined monthly views of Wikipedia articles on 48 topics identified by the U.S. Department of Homeland Security as subjects that they track on social media, including Al Qaeda, dirty bombs and jihad.

In the 16 months prior to the first major Snowden stories in June 2013, the articles drew a variable but an increasing audience, with a low point of about 2.2 million per month rising to 3.0 million just before disclosures of the NSA's Internet spying programs. Views of the sensitive pages rapidly fell back to 2.2 million a month in the next two months and later dipped under 2.0 million before stabilizing below 2.5 million 14 months later, Penney found.

The traffic dropped even more to topics that survey respondents deemed especially privacy-sensitive. Viewership of a presumably “safer” group of articles about U.S. government security forces decreased much less in the same period.

Penney's results, subjected to peer-review, offer a deeper dive into an issue investigated by previous researchers, including some who found a 5.0 percent drop in Google searches for sensitive terms immediately after June 2013. Other surveys have found sharply increased use of privacy-protecting Web browsers and communications tools.

Penney’s work may provide fodder for technology companies and others arguing for greater restraint and disclosure about intelligence-gathering. Chilling effects are notoriously difficult to document and so have limited impact on laws and court rulings.

More immediately, the research could aid a lawsuit filed by the American Civil Liberties Union on behalf of Wikipedia’s nonprofit parent organization and other groups against the NSA and the Justice Department.

The year-old suit argues that intelligence collection from backbone Internet traffic carriers violated the Fourth Amendment ban on unreasonable searches.

(Reporting by Joseph Menn; editing by Jonathan Weber)

Bron: mobile.reuters.com

quote:

Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian

Accusations that Pentagon retaliated against a whistleblower undermine argument that there were options for Snowden other than leaking to the media


Edward Snowden has called for a complete overhaul of US whistleblower protections after a new source from deep inside the Pentagon came forward with a startling account of how the system became a “trap” for those seeking to expose wrongdoing.

The account of John Crane, a former senior Pentagon investigator, appears to undermine Barack Obama, Hillary Clinton and other major establishment figures who argue that there were established routes for Snowden other than leaking to the media.

Crane, a longtime assistant inspector general at the Pentagon, has accused his old office of retaliating against a major surveillance whistleblower, Thomas Drake, in an episode that helps explain Snowden’s 2013 National Security Agency disclosures. Not only did Pentagon officials provide Drake’s name to criminal investigators, Crane told the Guardian, they destroyed documents relevant to his defence.

Snowden, responding to Crane’s revelations, said he had tried to raise his concerns with colleagues, supervisors and lawyers and been told by all of them: “You’re playing with fire.”

He told the Guardian: “We need iron-clad, enforceable protections for whistleblowers, and we need a public record of success stories. Protect the people who go to members of Congress with oversight roles, and if their efforts lead to a positive change in policy – recognize them for their efforts. There are no incentives for people to stand up against an agency on the wrong side of the law today, and that’s got to change.”

Snowden continued: “The sad reality of today’s policies is that going to the inspector general with evidence of truly serious wrongdoing is often a mistake. Going to the press involves serious risks, but at least you’ve got a chance.”

Thomas Drake’s legal ordeal ruined him financially and ended in 2011 with all serious accusations against him dropped. His case served as a prologue to Snowden’s. Now Crane’s account has led to a new investigation at the US justice department into whistleblower retaliation at the Pentagon that may serve as an epilogue – one Crane hopes will make the Pentagon a safe place for insiders to expose wrongdoing and illegality.

“If we have situations where we have whistleblowers investigated because they’re whistleblowers to the inspector general’s office, that will simply shut down the whole whistleblower system,” Crane told the Guardian.

Crane, who has not previously given interviews, has told his explosive story in a new book, Bravehearts: Whistle Blowing In The Age of Snowden by Mark Hertsgaard, from which the Guardian is running extracts. The Guardian has partnered with Der Spiegel and Newsweek Japan on Crane’s story.

“When someone becomes a whistleblower, they’re making a serious, conscious decision,” Crane said.

“They’re making a decision that can change their lives, change their futures, impact family life, too. There needs to be this certain unbreakable trust. Confidentiality is that trust and that can’t ever be violated.”

Snowden cited Drake’s case as a reason for his lack of faith in the government’s official whistleblower channels.

“When I was at NSA, everybody knew that for anything more serious than workplace harassment, going through the official process was a career-ender at best. It’s part of the culture,” Snowden told the Guardian.

“If your boss in the mailroom lies on his timesheets, the IG might look into it. But if you’re Thomas Drake, and you find out the president of the United States ordered the warrantless wiretapping of everyone in the country, what’s the IG going to do? They’re going to flush it, and you with it.”

While Drake’s case is well known in US national security circles, its internal history is not.

In 2002, Drake and NSA colleagues contacted the Pentagon inspector general to blow the whistle on an expensive and poorly performing tool, Trailblazer, for mass-data analysis. Crane, head of the office’s whistleblower unit, assigned investigators. For over two years, with Drake as a major source, they acquired thousands of pages of documents, classified and unclassified, and prepared a lengthy secret report in December 2004 criticizing Trailblazer, eventually helping to kill the program. As far as Crane was concerned, the whistleblower system was working.

But after an aspect of the NSA’s warrantless mass surveillance leaked to the New York Times, Drake himself came under investigation and eventually indictment. Drake was suspected of hoarding documentation – exactly what inspector-general investigators tell their whistleblowers to do.

“They made it clear to keep [documents] wherever possible, and obviously properly handle anything that was classified,” Drake remembered.

Crane feared that his own colleagues had told the FBI about Drake. He suspected the Pentagon inspector general’s lead attorney, Henry Shelley, whom Crane said had earlier suggested working with the justice department about the leak, had done so. A confrontation yielded what Crane considered to be evasions.

“The top lawyer would not reveal to me whether or not Drake’s confidentiality had been compromised or not. That was a concern … Normally I expect direct answers,” Crane said.

When Drake’s attorneys sought potentially exculpatory information from the inspector general’s office, they learned that much of it had been “destroyed before the defendant was charged, pursuant to a standard document destruction policy”, according to a 2011 letter from prosecutors.

Crane was livid. All relevant regulations mandated keeping the documents, not destroying them. But a high-ranking colleague, Lynne Halbrooks, prevented Crane from investigating the document destruction. He suspected Shelley and Halbrooks of sacrificing a whistleblower and misleading the justice department and a federal judge, all in a case centering around the cover-up of NSA bulk surveillance.

Crane’s relationship with his superiors spiraled downward until they forced him out in 2013, months before Snowden’s revelations. The next year, he filed a complaint with a federal agency that works with whistleblowers, the Office of Special Counsel. In March this year, it found a “substantial likelihood” that the Pentagon inspector general’s office improperly destroyed the Drake documents and arranged, with Pentagon consent, for the justice department inspector general to investigate.

Shelley, still the Pentagon inspector general’s senior counsel, declined to answer questions but said he was “certain my name will be cleared” by the new investigation.

Halbrooks, the Office of Special Counsel and the justice department inspector general declined to comment for this story.

Bridget Serchak, a spokeswoman for the Pentagon inspector general, noted that her office and the Office of Special Counsel jointly requested the justice department investigation.

“It is important to point out that there has been no determination on the allegations, and it is unfair to characterize the allegations otherwise at this point. DoD OIG will cooperate fully with the DoJ OIG’s investigation of this matter and looks forward to the results of that investigation,” Serchak said.

Crane considers this latest inquiry a bellwether for whether the whistleblower system can reform itself in a post-Snowden era.

“Snowden responded to the way Drake was handled. The Office of Special Council investigation regarding destruction of possibly exculpatory documents regarding Drake might be the end of this saga,” Crane said.

Bron: www.theguardian.com

quote:

Eric Holder says Edward Snowden performed a 'public service'

quote:

Chicago (CNN)Former U.S. Attorney General Eric Holder says Edward Snowden performed a "public service" by triggering a debate over surveillance techniques, but still must pay a penalty for illegally leaking a trove of classified intelligence documents.
"We can certainly argue about the way in which Snowden did what he did, but I think that he actually performed a public service by raising the debate that we engaged in and by the changes that we made," Holder told David Axelrod on "The Axe Files," a podcast produced by CNN and the University of Chicago Institute of Politics.

quote:

Official correspondence reveals lack of scrutiny of MI5's data collection | UK news | The Guardian

Privacy International releases letters that it says show ‘cosy’ relationship between watchdog and intelligence operations


The watchdog that monitors interception of emails and phone calls by the intelligence services allowed MI5 to escape regular scrutiny of its bulk collection of communications data, according to newly released confidential correspondence.

A highly revealing exchange of letters from 2004 has been published by Privacy International (PI) before Monday’s parliamentary debate on the investigatory powers bill, sometimes called the snooper’s charter.

The campaign group argues that the letters demonstrate the relationship between government agencies and the independent organisation that is supposed to oversee and regulate their activities has been too “cosy”.

The correspondence has been disclosed in the course of legal action between PI and the government at the investigatory powers tribunal (IPT) which is due to be heard in full this year. The IPT deals with complaints about the intelligence services and surveillance by public bodies. GCHQ is alleged to be illegally collecting “bulk personal datasets” from the phone and internet records of millions of people who have no ties to terrorism and are not suspected of any crime.

The letters were sent by Home Office legal advisers, GCHQ and Sir Swinton Thomas, who was the interception of communications commissioner. The organisation is now called the Interception of Communications Commissioner’s Office (IOCCO).

In May 2004, a Home Office legal adviser wrote to Thomas backing an MI5 proposal that collecting bulk data from communication service providers for its “database project” be authorised under section 94 of the 1984 Telecommunications Act because, at that stage, there were no human rights implications or breach of privacy concerns. Using that act would not require a notice to be put before parliament because it could be used secretively on the grounds that “disclosure of the direction would be against the interests of national security”.

Thomas wrote back the following month, expressing reservations about such clandestine authorisation. He proposed that it would be better to use the more modern and exacting Regulation of Investigatory Powers Act 2000 (Ripa), which involves more open legal procedures and safeguards.

Related: GCHQ hacking does not breach human rights, security tribunal rules

The Home Office responded, saying that, although Ripa might be engaged, it did not think that meant it must be used. The letter continued: “The only practical difference between the two sets of provisions is if [Ripa] were used, a new notice would need to be issued every month … involving a fresh consideration of the necessity and proportionality issues. This would not be the case under section 94 [of the Telecommunications Act].”

Thomas backed down, replying that, “on reconsideration”, use of Ripa was not mandatory. He added: “I am also impressed by the considerable and, if possible to be avoided, inconvenience in following the [Ripa] procedure in the database procedures.”

GCHQ wrote to Thomas in October that year after he had visited its Cheltenham headquarters. “Huges volumes of data are acquired (about 40m bits of data a day),” it informed him. “In the interests of security and commercial confidentiality, GCHQ prefers to keep all the telephony material together in one database … to disguise its source, as the origin of some of the material is extremely sensitive.”

GCHQ also asked whether access to communications data for its databases would be lawful under the Telecommunications Act rather than the more burdensome Ripa.

Thomas said it was not a straightforward problem but eventually acquiesced, saying: “I have, therefore, reached the conclusion, not without some difficulty, that the present system for retrieval [under the Telecommunications Act] is lawful. As you say, adhering to the spirit of the legislation is important.”

The debate goes some way to explain official thinking on the legal distinction between anonymised bulk data collection and a second stage of interception where material may be matched to individuals.

The latest revelation follows an earlier release of confidential documents by PI last month that showed how GCHQ, MI5 and MI6 obtain personal data from public and private organisations, including financial institutions, the NHS, electronic petitions record databases and others.

Privacy International said the letters exemplified the “total failure” of oversight.

Caroline Wilson Palow, the organisation’s general counsel, said: “The documents demonstrate the government’s troubling history of over-reaching in order to expand its surveillance powers while minimising safeguards.

“This discussion, between lawyers for MI5 and GCHQ and the interception of communications commissioner, is also an illuminating example of how oversight can go wrong when it lacks sufficient transparency, resources and advocates for the individuals whose privacy may be violated.

“We think the commissioner’s conclusions were incorrect, permitting GCHQ to acquire communications data in bulk under a broad and secret interpretation of a power to which few safeguards attach. Indeed, the commissioner even agrees with GCHQ and MI5 that collecting our communications data from service providers would not be an interference with our privacy – a position that would likely come as a surprise to most of us and is in direct conflict with recent court decisions.”

Sir Stanley Burnton, the interception commissioner at IOCCO, said: “We have recently concluded our comprehensive review of section 94 [Telecommunications Act] directions which have been issued by secretaries of state from various government departments since the late 1990s, after taking this additional oversight on at the request of the prime minister in 2015.

“Our review has been very challenging because all the section 94 directions are subject to statutory secrecy provisions which limit severely what we are able to say publicly about them. Nevertheless, our review report sets out an extensive series of recommendations which must be implemented in order to clarify and bring consistency to the procedures in place, remedy the lack of record-keeping requirements and codified processes and ensure that we are able to undertake this additional oversight and audit of the giving and use of section 94 directions properly. Our report is due to be published at the end of June or early July.”

“We welcome and support Privacy International’s proposal for oversight bodies to be supported by public interest advocates and their calls for further transparency in these matters.”

Bron: www.theguardian.com

quote:

NSA Looking to Exploit Internet of Things, Including Biomedical Devices, Official Says

The National Security Agency is researching opportunities to collect foreign intelligence — including the possibility of exploiting internet-connected biomedical devices like pacemakers, according to a senior official.

“We’re looking at it sort of theoretically from a research point of view right now,” Richard Ledgett, the NSA’s deputy director, said at a conference on military technology at Washington’s Newseum on Friday.

Biomedical devices could be a new source of information for the NSA’s data hoards — “maybe a niche kind of thing … a tool in the toolbox,” he said, though he added that there are easier ways to keep track of overseas terrorists and foreign intelligence agents.

When asked if the entire scope of the Internet of Things — billions of interconnected devices — would be “a security nightmare or a signals intelligence bonanza,” he replied, “Both.”

“As my job is to penetrate other people’s networks, complexity is my friend,” he said. “The first time you update the software, you introduce vulnerabilities, or variables rather. It’s a good place to be in a penetration point of view.”

Bron: theintercept.com

quote:

Snooper's charter: GCHQ will be licensed 'to hack a major town'

quote:

The security services are to receive a licence for hacking into the phones and laptops of a “major town” under the snooper’s charter legislation, which reaches the House of Lords next week.

The broad nature of the hacking powers to be handed to GCHQ are disclosed in an obscure case study in a background Home Office document setting out the operational case for their use.

This shows that all the phones and laptops in a “major town” could be hacked into, as long as the town were overseas and the action were necessary for national security purposes. The example used in the case study is identifying the phones and laptops being used by a terrorist group planning an attack on Western tourists in a major town.
The stories you need to read, in one handy email
Read more

The home secretary, Theresa May, has asked the official terror law watchdog, David Anderson QC, to conduct a speedy review this summer of whether such “bulk powers” are needed by the security services, and whether the information cannot be gained by less intrusive means.

quote:

In Wisconsin, a Backlash Against Using Data to Foretell Defendants’ Futures

quote:

CHICAGO — When Eric L. Loomis was sentenced for eluding the police in La Crosse, Wis., the judge told him he presented a “high risk” to the community and handed down a six-year prison term.

The judge said he had arrived at his sentencing decision in part because of Mr. Loomis’s rating on the Compas assessment, a secret algorithm used in the Wisconsin justice system to calculate the likelihood that someone will commit another crime.

Mr. Loomis has challenged the judge’s reliance on the Compas score, and the Wisconsin Supreme Court, which heard arguments on his appeal in April, could rule in the coming days or weeks. Mr. Loomis’s appeal centers on the criteria used by the Compas algorithm, which is proprietary and as a result is protected, and on the differences in its application for men and women.

The debate in Wisconsin highlights a broader national discussion about how law enforcement officials use predictive data — including deciding which streets to patrol, identifying people at risk of being shot and calculating the likelihood of recidivism.

quote:

Snowden uit kritiek op privacywet Rusland | NU - Het laatste nieuws het eerst op NU.nl

Snowden uit kritiek op privacywet Rusland

Na zijn onthullingen over Amerikaanse en Britse afluisterpraktijken, mengt klokkenluider Edward Snowden zich nu in het privacydebat in Rusland.

Het parlement van zijn tijdelijke thuisland heeft een nieuwe "Big Brother-wet" aangenomen die "alle Russen geld en vrijheid gaat kosten, zonder de veiligheid te vergroten", schreef Snowden op Twitter.

Het parlement van zijn tijdelijke thuisland heeft een nieuwe "Big Brother-wet" aangenomen die "alle Russen geld en vrijheid gaat kosten, zonder de veiligheid te vergroten", schreef Snowden op Twitter.

ICT-expert Snowden vindt dat de wet niet moet worden ondertekend. Daarmee doet hij een indirect beroep op president Vladimir Poetin, die de wet zou kunnen tegenhouden.

Om terrorisme tegen te gaan wil Rusland onder meer telecombedrijven dwingen om gegevens langer op te slaan voor opsporingsdoeleinden.

Edward Snowden kreeg in 2014 tijdelijk asiel in Rusland, omdat hij in de VS wordt gezocht voor het openbaar maken van staatsgeheimen. Hij mag er drie jaar blijven.

Eigenlijk had hij naar Zuid-Amerika gewild, maar daar kon hij niet komen doordat de Amerikaanse autoriteiten zijn paspoort introkken. Waar hij volgend jaar naartoe zal gaan, is nog onbekend.
Bron: www.nu.nl

quote:

Germany to further curb activities of spy agency in wake of NSA scandal

quote:

Germany has approved new measures to rein in the activities of its foreign intelligence agency after a scandal over improper collusion with the US National Security Agency.

Two months after replacing the head of the BND service over the damning revelations, chancellor Angela Merkel’s cabinet signed off on the reforms to keep the country’s spies on a tighter leash.

Oversight of the spy agency directly from Merkel’s office will be beefed up with an external watchdog panel of jurists, and the list of duties the BND carries out for the NSA has been overhauled.

While intelligence-gathering from EU institutions or partner states will not be explicitly banned, it will be limited by law to “information to recognise and confront threats to internal or external security”. Economic espionage is barred.

The reforms, which require approval from parliament, are based on the findings of a government-appointed investigator into claims that the BND spied on its European allies for the NSA.

The 300-page report found the NSA had kept a long list of European government offices as targets for espionage and that the US had thus “clearly violated treaty agreements”.

The investigation was based on a review of telephone numbers and IP addresses the NSA handed to the BND’s surveillance apparatus with the request that the results to be sent back to the US.

The findings indicated that over the years the BND whittled down the list of thousands of NSA targets while still maintaining cooperation.

Germany reacted with outrage when information leaked by former NSA contractor Edward Snowden revealed in 2013 that US agents were carrying out widespread tapping worldwide, including of Merkel’s mobile phone.

Merkel, who grew up in communist East Germany where state spying on citizens was rampant, declared repeatedly that “spying among friends is not on” while acknowledging Germany’s reliance on the US in security matters.

quote:

Rechter: Microsoft hoeft niet zomaar mails vrij te geven - rtlz.nl

Ook in de digitale wereld spelen landsgrenzen nog steeds een rol, blijkt uit een uitspraak van de rechter van het Court of Appeals for the Second Circuit. Microsoft hoeft e-mails die zijn opgeslagen bij datacenters in Ierland niet over te dragen.

De Amerikaanse overheid wil informatie van een Hotmailgebruiker, wiens e-mails staan opgeslagen in een datacenter van Microsoft in Ierland. Dat mag niet, blijkt uit het oordeel.

Amerikaanse bedrijven kunnen niet zomaar gedwongen worden om data vrij te geven die in het buitenland staat opgeslagen, oordeelde het hof. De uitspraak is opvallend, want een lagere rechter oordeelde eerder het tegenovergestelde. Die oordeelde dat een Amerikaans bedrijf gewoon informatie moet overdragen als de rechter daarom vraagt, ongeacht waar de gegevens opgeslagen staan.

Microsoft was het daarmee oneens. "Wij zeggen: nee, de Ierse wet is hierop van toepassing, dus je moet eerst naar Ierse overheid. En die moet ons dan vragen of we het willen overdragen. Waarom doen we dit? Omdat we het heel belangrijk vinden dat in een digitale wereld landsgrenzen blijven gelden. Klanten moeten informatie kunnen opslaan in bepaalde regio’s, wetende dat ook echt de lokale wetgeving van toepassing is", vertelde Jochem de Groot, de public affairs-man van het bedrijf, eerder tegen RTL Z.

De multinational was de eerste Amerikaanse onderneming die de overheid uitdaagde en weigerde om zomaar gegevens over te dragen die buiten de landsgrenzen staan opgeslagen. Microsoft is niet het enige dat worstelt met de grote hoeveelheden privacygevoelige informatie die de Amerikaanse overheid opvraagt. Ook eBay, Amazon en Apple krijgen bijvoorbeeld regelmatig verzoeken.
Bron: www.rtlz.nl

quote:

Bulk data collection only lawful in serious crime cases, ECJ rules

European court ruling backs David Davis and Tom Watson and could have serious impact on so-called snooper’s charter

Retaining data from telephone calls and emails is legal only if law enforcement agencies use it to tackle serious crime, the EU’s highest court has ruled.

The preliminary finding by the influential European court of justice (ECJ) in Luxembourg came in response to a legal challenge that was brought initially by David Davis, when he was a backbench Conservative, and Tom Watson, Labour’s deputy leader, over the legality of GCHQ’s bulk interception of call records and online messages.

Davis, one of the most vociferous critics of the state’s powers to collect data on its citizens, quietly withdrew from the case after his appointment to the cabinet. Many had commented on his involvement in the case at the EU’s highest court, after he was appointed secretary of state for leaving the European Union.

In an opinion likely to be followed by the full court, the advocate general, Henrik Saugmandsgaard Øe, clarified EU law after the two MPs successfully argued in British courts that the Data Retention and Investigatory Powers Act (Dripa) 2014 was illegal.

The ECJ’s advocate general said: “Solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences … are not.” Only the data associated with calls and emails is retained not the content of messages.

The preliminary ruling appears to bring European data retention practices closer into line with the debate over the passage of the UK’s investigatory powers bill over what safeguards should be imposed for bulk interception and retention of data.

The court’s final decision will be delivered in the coming months. The vast majority of judgments follow the line set out by the advocate general.

Davis and Watson, who were supported by the Law Society, had already won a high court victory on the issue but the government appealed and the case was referred to the ECJ.

At issue was whether there are EU standards on data retention that need to be respected by member states in their domestic legislation. The result, though significant in the short term, may eventually prove academic once the UK has withdrawn from the EU and the ECJ no longer has judicial authority over the UK.

Before he became a minister under Theresa May, Davis travelled to Luxembourg this spring to hear the case being argued at the ECJ. He has argued that the British government is “treating the entire nation as suspects” by ignoring safeguards on retaining and accessing personal communications data.

The outcome of the Dripa case, which was heard by 15 European judges in Luxembourg, is likely to have a significant impact on the ultimate shape of the controversial investigatory powers bill – it has been nicknamed the snooper’s charter – now before parliament.

The case has been heard amid successive jihadi atrocities in Paris, Brussels and Nice that have reinforced political demands for the expansion of powers to intercept emails and phone calls to help catch Islamic State militants operating on the continent.

During the Luxembourg hearing, lawyers for the UK government maintained that intercepted communications had been at the heart of every terrorist case investigated by police and the security services in recent years.

quote:

Court gave NSA broad leeway in surveillance, documents show

Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information “concerning” all but four countries, according to top-secret documents.

The United States has long had broad no-spying arrangements with those four countries — Britain, Canada, Australia and New Zealand — in a group known collectively with the United States as the Five Eyes. But a classified 2010 legal certification and other documents indicate the NSA has been given a far more elastic authority than previously known, one that allows it to intercept through U.S. companies not just the communications of its overseas targets but any communications about its targets as well.

The certification — approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden — lists 193 countries that would be of valid interest for U.S. intelligence. The certification also permitted the agency to gather intelligence about entities including the World Bank, the International Monetary Fund, the European Union and the International Atomic Energy Agency.

The NSA is not necessarily targeting all the countries or organizations identified in the certification, the affidavits and an accompanying exhibit; it has only been given authority to do so. Still, the privacy implications are far-reaching, civil liberties advocates say, because of the wide spectrum of people who might be engaged in communication about foreign governments and entities and whose communications might be of interest to the United States.

“These documents show both the potential scope of the government’s surveillance activities and the exceedingly modest role the court plays in overseeing them,” said Jameel Jaffer, deputy legal director for the American Civil Liberties Union, who had the documents described to him.

NSA officials, who declined to comment on the certification or acknowledge its authenticity, stressed the constraints placed on foreign intelligence-gathering. The collection must relate to a foreign intelligence requirement — there are thousands — set for the intelligence agencies by the president, the director of national intelligence and various departments through the National Intelligence Priorities Framework.

Furthermore, former government officials said, it is prudent for the certification to list every country — even those whose affairs do not seem to immediately bear on U.S. national security interests or foreign policy.

“It’s not impossible to imagine a humanitarian crisis in a country that’s friendly to the United States, where the military might be expected on a moment’s notice to go in and evacuate all Americans,” said a former senior defense official who spoke on the condition of anonymity to discuss sensitive matters. “If that certification did not list the country,” the NSA could not gather intelligence under the law, the former official said.

The documents shed light on a little-understood process that is central to one of the NSA’s most significant surveillance programs: collection of the e-mails and phone calls of foreign targets under Section 702 of the 2008 FISA Amendments Act.

The foreign-government certification, signed by the attorney general and the director of national intelligence, is one of three approved annually by the Foreign Intelligence Surveillance Court, pursuant to the law. The other two relate to counterterrorism and counterproliferation, according to the documents and former officials.

Under the Section 702 program, the surveillance court also approves rules for surveillance targeting and for protecting Americans’ privacy. The certifications, together with the National Intelligence Priorities Framework, serve as the basis for targeting a person or an entity.

The documents underscore the remarkable breadth of potential “foreign intelligence” collection. Though the FISA Amendments Act grew out of an effort to place under statute a surveillance program devoted to countering terrorism, the result was a program far broader in scope.

An affidavit in support of the 2010 foreign-government certification said the NSA believes that foreigners who will be targeted for collection “possess, are expected to receive and/or are likely to communicate foreign intelligence information concerning these foreign powers.”

That language could allow for surveillance of academics, journalists and human rights researchers. A Swiss academic who has information on the German government’s position in the run-up to an international trade negotiation, for instance, could be targeted if the government has determined there is a foreign-
intelligence need for that information. If a U.S. college professor e-mails the Swiss professor’s e-mail address or phone number to a colleague, the American’s e-mail could be collected as well, under the program’s court-approved rules.

Even the no-spy agreements with the Five Eye countries have exceptions. The agency’s principal targeting system automatically filters out phone calls from Britain, Canada, Australia and New Zealand. But it does not do so for their 28 sovereign territories, such as the British Virgin Islands. An NSA policy bulletin distributed in April 2013 said filtering out those country codes would slow the system down.

“Intelligence requirements, whether satisfied through human sources or electronic surveillance, involve information that may touch on almost every foreign country,” said Timothy Edgar, former privacy officer at the Office of the Director of National Intelligence and now a visiting fellow at Brown University’s Watson Institute for International Affairs.

Those efforts could include surveillance of all manner of foreign intelligence targets — anything from learning about Russian anti-submarine warfare to Chinese efforts to hack into American companies, Edgar said. “It’s unlikely the NSA would target academics, journalists or human rights researchers if there was any other way of getting information,” he said.

A spokeswoman for the NSA, Vanee Vines, said the agency may only target foreigners “reasonably believed to be outside the United States.”

Vines noted that in January, President Obama issued a policy directive stating that U.S. surveillance “shall be as tailored as feasible.” He also directed that the United States no longer spy on dozens of foreign heads of state and that sensitive targeting decisions be subject to high-level review.

“In short, there must be a particular intelligence need, policy approval and legal authorization for U.S. signals intelligence activities, including activities conducted pursuant to Section 702,” Vines said.

On Friday, the Office of the Director of National Intelligence released a transparency report stating that in 2013 the government targeted nearly 90,000 foreign individuals or organizations for foreign surveillance under the program. Some tech-
industry lawyers say the number is relatively low, considering that several billion people use U.S. e-mail services.

Still, some lawmakers are concerned that the potential for intrusions on Americans’ privacy has grown under the 2008 law because the government is intercepting not just communications of its targets but communications about its targets as well. The expansiveness of the foreign-powers certification increases that concern.

In a 2011 FISA court opinion, a judge using an NSA-provided sample estimated that the agency could be collecting as many as 46,000 wholly domestic e-mails a year that mentioned a particular target’s e-mail address or phone number, in what is referred to as “about” collection.

“When Congress passed Section 702 back in 2008, most members of Congress had no idea that the government was collecting Americans’ communications simply because they contained a particular individual’s contact information,” Sen. Ron Wyden (D-Ore.), who has co-sponsored ­legislation to narrow “about” collection authority, said in an e-mail to The Washington Post. “If ‘about the target’ collection were limited to genuine national security threats, there would be very little privacy impact. In fact, this collection is much broader than that, and it is scooping up huge amounts of Americans’ wholly domestic communications.”

Government officials argue that the wholly domestic e-mails represent a tiny fraction — far less than 1 percent — of the volume collected. They point to court-
imposed rules to protect the privacy of U.S. persons whose communications are picked up in error or because they are in contact with foreign targets.

In general, if Americans’ identities are not central to the import of a communication, they must be masked before being shared with another agency. Communications collected from companies that operate high-volume cables — instead of directly from technology firms such as Yahoo or Google — are kept for two years instead of five. Some of the most sensitive ones are segregated and may not be used without written permission from the NSA director.

Privacy advocates say the rules are riddled with exceptions. They point out that wholly domestic communications may be kept and shared if they contain significant foreign intelligence, a term that is defined broadly, or evidence of a crime. They also note that the rules allow NSA access to certain attorney-client communications, pending review by the agency’s general counsel.

Jennifer Granick, the director of civil liberties at the Stanford Center for Internet and Society, expressed concern about the prospect of capturing e-mails and phone calls of law-abiding foreigners. “The breadth of the certification suggests that the court is authorizing the government to spy on average foreigners and doesn’t exercise much if any control beyond that,” she said.

Some former officials say that the court’s role has been appropriately limited when it comes to foreign targeting decisions, which traditionally have been the purview of the executive branch. The court generally has focused on ensuring that domestic surveillance is targeted at foreign spies or agents of a foreign power.

“Remember, the FISA court is not there to protect the privacy interests of foreign people,” the former defense official said. “That’s not its purpose, however noble the cause might be. Its purpose is to protect the privacy interests of persons guaranteed those protections under the Constitution.”

The only reason the court has oversight of the NSA program is that Congress in 2008 gave the government a new authority to gather intelligence from U.S. companies that own the Internet cables running through the United States, former officials noted.

Edgar, the former privacy officer at the Office of the Director of National Intelligence, said ultimately he believes the authority should be narrowed. “There are valid privacy concerns with leaving these collection decisions entirely in the executive branch,” he said. “There shouldn’t be broad collection, using this authority, of foreign government information without any meaningful judicial role that defines the limits of what can be collected.”

quote:

Frankrijk wil encryptie op Europees niveau aanpakken: kan dat zomaar? - rtlz.nl

In de strijd tegen terrorisme wil Frankrijk beveiligde chat-apps aanpakken, zoals WhatsApp en Telegram. Daarvoor wil het een Europees initiatief starten, terwijl Europa juist kritisch is op privacyinbreukmakende maatregelen.

Sinds de onthullingen van Edward Snowden over de afluisterpraktijken door geheime diensten zijn techbedrijven actief encryptie door aan het voeren. Het belangrijkste voorbeeld daarvan is WhatsApp, dat enkele maanden geleden end-to-end-encryptie voor meer dan een miljard mensen inschakelde. Hierdoor worden berichten zodanig versleuteld dat ze alleen door de ontvanger kunnen worden ingezien - en niet door WhatsApp of een derde partij.

De Franse minister van Binnenlandse Zaken, Bernard Cazeneuve, zegt dat de inlichtingendiensten veel last hebben van de toenemende mate van versleutelde communicatie. "Veel berichten gerelateerd aan het uitvoeren van terroristische aanvallen worden met encryptie verstuurd, en dat is een belangrijk probleem binnen de strijd tegen terrorisme", aldus Cazeneuve tegen Reuters.

Volgens Cazeneuve gebruikte de man die vorige maand de keel van een Franse priester doorsneed de chat-app Telegram om met sympathisanten te communiceren. Telegram is een populaire chat-app bij IS-sympathisanten: via openbare kanalen delen IS'ers regelmatig hun ervaringen en gedachten met geïnteresseerden. In tegenstelling tot WhatsApp is de end-to-end-encryptie bij Telegram optioneel.

Het is nog onduidelijk hoe Cazeneuve encryptie wil aanpakken. Dat kan bijvoorbeeld met een speciale ingang waarmee inlichtingendiensten toegang krijgen tot versleutelde communicatie. Dit wordt ook wel een achterdeurtje genoemd. Op 23 augustus praat Cazeneuve met zijn Duitse collega Thomas de Maizière over het opzetten van een Europees plan om encryptie op internationaal niveau aan te pakken.

Europa heeft nog geen officieel standpunt ingenomen over encryptie, maar volgens privacyonderzoeker Axel Arnbak van de Universiteit van Amsterdam blijkt uit recente Europese wetten dat encryptie vaak als een basisrecht wordt gezien.

De Europese privacytoezichthouder zei in juli van dit jaar (pdf) dat Europeanen end-to-end-encryptie mogen gebruiken om hun communicatie te beveiligen. Het inbouwen van een achterdeurtje zou volgens de privacytoezichthouder zelfs illegaal moeten zijn.

Arnbak verwacht dat Europa volgend jaar met een eerste wetgevingsvoorstel voor de ePrivacy-richtlijn komt, waarin staat hoe Europa over encryptie en het beveiligen van communicatie denkt. Nederland zei al eerder voor krachtige encryptie en tegen achterdeurtjes te zijn.

"De Franse minister weet waarschijnlijk niet zo veel van het internet. Hij ziet een probleem, encryptie, en denkt dat hij dat kan aanpakken zonder de bredere context te zien", aldus Arnbak. "Door encryptie te verbieden maak je cyberspionage door landen als Rusland en China gemakkelijker, en kunnen bedrijven niet meer vertrouwelijk communiceren. Je hebt in de encryptiediscussie twee keuzes: een veilig internet voor iedereen of een internet dat kwetsbaar is voor alle aanvallers."

Bron: www.rtlz.nl

quote:

The Raid

In Bungled Spying Operation, NSA Targeted Pro-Democracy Campaigner

quote:

As part of the spy mission, the NSA used its powerful global surveillance apparatus to intercept the emails and Facebook chats of people associated with a Fijian “thumbs up for democracy” campaign. The agency then passed the messages to its New Zealand counterpart, Government Communications Security Bureau, or GCSB.

One of the main targets was Fullman, a New Zealand citizen, whose communications were monitored by the NSA after New Zealand authorities, citing secret evidence, accused him of planning an “an act of terrorism” overseas.

But it turned out that the claims were baseless — Fullman, then 47, was not involved in any violent plot. He was a long-time public servant and peaceful pro-democracy activist who, like the New Zealand and Australian governments at that time, was opposed to Fiji’s authoritarian military ruler Frank Bainimarama.

Details about the surveillance are contained in documents obtained by The Intercept from NSA whistleblower Edward Snowden. More than 190 pages of top-secret NSA logs of intercepted communications dated between May and August 2012 show that the agency used the controversial internet surveillance system PRISM to eavesdrop on Fullman and other Fiji pro-democracy advocates’ Gmail and Facebook messages. Fullman is the first person in the world to be publicly identified as a confirmed PRISM target.

At the time of the spying, New Zealand’s surveillance agency was not permitted to monitor New Zealand citizens. Despite this, it worked with the NSA to eavesdrop on Fullman’s communications, which suggests he is one of 88 unnamed New Zealanders who were spied on between 2003 and 2012 in operations that may have been illegal, as revealed in an explosive 2013 New Zealand government report.

quote:

Op dinsdag 16 augustus 2016 18:21 schreef Bram_van_Loon het volgende:
Deze mensen zijn zo extreem een fossiel dat ze niet begrijpen dat gebruikers dan open standaarden van encryptie gebruiken voor het privacygevoelige verkeer, met of zonder toestemming van de overheid.

quote:

Researcher Grabs VPN Password With Tool From NSA Dump

quote:

Cisco has already warned customers about two exploits found in the NSA-linked data recently dumped by hackers calling themselves The Shadow Brokers. Now, researchers have uncovered another attack included in the cache, which they claim allows the extraction of VPN passwords from certain Cisco products—meaning hackers could snoop on encrypted traffic.

Security researcher Mustafa Al-Bassam first documented the hacking tool, which uses the codename BENIGNCERTAIN, in a blog post published Thursday. He coined the attack “PixPocket” after the hardware the tool targets: Cisco PIX, a popular, albeit now outdated, firewall and VPN appliance. Corporations or government departments might use these devices to allow only authorised users onto their network.

quote:

alleen tot meer polarisatie leiden en dus meer geweld.

Independent review of draft terrorism laws says there is strong case for allowing police and spy agencies to gather private data

The bulk collection of personal data by British spy agencies is vital in preventing terrorist attacks, an independent review of draft security legislation has found.

David Anderson QC, the independent reviewer of terrorism legislation, concluded that laws giving MI5, MI6 and GCHQ the right to gather large volumes of data from members of the public had a “clear operational purpose”.

The main findings were welcomed by the prime minister, Theresa May, but have prompted concern from Labour and privacy campaigners.

Andy Burnham, the shadow home secretary, said it was concerning that May had not accepted Anderson’s recommendation for an advisory panel on technology.

“She and the home secretary must accept the report in its entirety and deliver on the separate concessions extracted by Labour in the Commons – tougher restrictions on the use of internet connection records and stronger protections for journalists and lawyers,” Burnham said.

Liberty said the review itself had failed to bolster government and security agency claims in favour of bulk powers. “The report provides no further information to justify the agencies’ vague and hypothetical claims and instead invites the public to ‘trust us’. Post-Chilcot, this won’t wash – hard evidence is required instead,” said Bella Sankey, the pressure group’s policy director.

Last November , in her role as home secretary, May produced a draft of the communications data bill, which would give police and spies broad investigative powers they say are vital to help protect the public from criminals, paedophiles and terrorism.

Anderson’s report, published on Friday, said bulk powers “play an important part in identifying, understanding and averting threats in Great Britain, Northern Ireland and further afield”. The techniques were used across the range of agency activity, from cyber-defence, counter-espionage and counter-terrorism to child sexual abuse and organised crime, the review found.

It concluded that there was a “proven operational case” for three of the four powers examined, and a distinct “though not yet proven” operational case for the fourth. Anderson described the pace of technological change as “breathtaking”.

His inquiry recommended that a panel of independent academics and industry experts be appointed to advise on the impact of changing technology, and how the intelligence agencies could reduce the “privacy footprint” of their activities.

quote:

OM: versleutelde diensten als WhatsApp steeds groter probleem | NOS

Het Openbaar Ministerie heeft steeds meer last van versleuteling, waardoor berichten van verdachten niet of nauwelijks kunnen worden ontcijferd. Dat zegt officier van justitie Martijn Egberts tegen de NOS. Ook de AIVD worstelt met versleutelde communicatie, laat een woordvoerder weten.

Het OM wil graag toch toegang tot versleutelde informatie. "Wat wij het liefst zouden zien is dat we, na toetsing door een rechter, toch bij die versleutelde informatie zouden kunnen", zegt Egberts. Dat zou kunnen betekenen dat bedrijven als WhatsApp toegang zouden moeten geven tot versleutelde berichten van gebruikers. WhatsApp zegt dat dat op dit moment niet mogelijk is.

Egberts trekt daarbij de vergelijking met de telefoontap. Hij wijst erop dat het aftappen van telefoonverkeer overal ter wereld al tientallen jaren mogelijk is. "Het is toch wel opmerkelijk dat er nu zo veel manieren zijn om te communiceren zonder dat de overheid toegang kan krijgen." Overigens staat Nederland bekend als een land dat relatief snel naar de telefoontap grijpt.

Meer en meer apps bieden versleutelde communicatie aan, en telefoons zijn vaak standaard versleuteld. Bij versleuteling wordt informatie wiskundig door elkaar gehusseld, zodat onbevoegden bestanden en appjes niet kunnen bekijken. Communicatie wordt steeds vaker 'end-to-end' versleuteld, waarbij alleen de verzender en ontvanger kunnen meelezen, en zelfs de maker van de app geen toegang heeft tot de inhoud van berichten. Sinds dit voorjaar doet het populaire WhatsApp dat standaard.

Dat heeft veel voordelen. "Versleuteling maakt het internet voor ons allemaal veiliger", zegt Rejo Zenger van burgerrechtenbeweging Bits of Freedom. Versleutelde laptops kunnen door dieven niet worden uitgelezen en sterke encryptie maakt meelezen door hackers met kwade bedoelingen veel moeilijker. Daar is het OM het overigens mee eens. "Bedrijven en burgers moeten veilig kunnen communiceren", zegt Egberts.

Maar de politie en geheime diensten klagen dat versleuteling hen het werk moeilijker maakt: ook zij kunnen niet meer meelezen. Volgens Egberts gebeurt het dat onderzoeken stuklopen doordat verdachten encryptie gebruiken. "In het overgrote deel van onderzoeken naar georganiseerde misdaad komen we encryptie tegen, die het moeilijker maken om op te sporen", zegt Egberts. "Dan moet je denken aan liquidaties, afpersingen, drugszaken en kinderporno."

Woensdag brachten de Verenigde Naties een rapport uit waarin experts aanstippen dat zelfs de meest geavanceerde inlichtingendiensten niet meer bij grote hoeveelheden communicatie kunnen. Daar staat tegenover dat bijvoorbeeld de aanslagplegers die in november een bloedbad aanrichtten in Parijs zonder versleuteling communiceerden, maar dat die aanslag niet kon worden voorkomen.

De roep om versleuteling aan banden te leggen klinkt luider sinds de recente aanslagen in Europa. De Franse minister van Binnenlandse Zaken pleit voor Europese maatregelen; dinsdag overlegt hij daarover met zijn Duitse collega. Ook Egberts van het Openbaar Ministerie pleit voor een Europese aanpak. "Het is de vraag of we toegang kunnen krijgen tot versleutelde informatie", zegt Egberts. "Er is geen simpele oplossing voor. Maar we zullen in elk geval in internationaal verband moeten praten over de vraag hoe we dit probleem het hoofd kunnen bieden."

Het omzeilen van encryptie is technisch ingewikkeld en ligt gevoelig. Een van de opties is om verdachten te hacken, zodat berichten kunnen worden onderschept voordat de encryptie wordt opgezet. Het kabinet wil dat al langer mogelijk maken. Maar dat levert op zichzelf ook weer privacybezwaren op; volgens critici is een hack een veel grotere privacy-inbreuk dan een telefoontap.

Een andere optie is om een achterdeurtje in te brengen in encryptie: de geheime diensten en de politie zouden dan een soort digitale loper kunnen krijgen om alsnog verkeer uit te lezen. Ook zouden chat-apps en telefoonbedrijven de opdracht kunnen krijgen om encryptie in bepaalde gevallen helemaal uit te schakelen.

"Dat is een heel slecht idee", zegt hoogleraar computerbeveiliging Michel van Eeten van de TU Delft. "Het verleden wijst uit dat dit soort achterdeurtjes misbruikt worden. Niet alleen door overheden, maar ook door criminelen, die de achterdeurtjes ontdekken." Van Eeten snapt de wens van overheden. "Maar als je encryptie verzwakt, doe je dat ook voor de 99 procent die geen kwaad in de zin heeft."

Dat vindt ook Bits of Freedom. "Het zou toch bizar zijn als de overheid de beveiliging van het internet omlaag wil schroeven?", vraagt Zenger van die organisatie zich af. "Daarmee zouden ze het werk van criminelen juist makkelijker maken." Die criminelen kunnen dan immers makkelijk bij gegevens van burgers, is de gedachte. Dat was dan ook de reden dat Apple niet wilde meewerken toen de FBI toegang wilde tot de telefoon van de San Bernandino-schutter.

Ook de Europese privacywaakhond EDPS keert zich tegen het afzwakken van encryptie. Achterdeurtjes zouden moeten worden verboden en onkraakbare encryptie moet worden toegejuicht, aldus die organisatie.

Overigens zegt het kabinet in te zien dat goede encryptie van belang is, en dat het geen voorstander is van het afzwakken van encryptie. Maar tegelijkertijd zegt het kabinet in een rapport dat het een 'antwoord' wil hebben op encryptie waardoor communicatie van terroristen niet meer kan worden ingezien.

Wat dat antwoord precies is, wordt niet vermeld. Maar er liggen al een tijdje wetsvoorstellen klaar die de politie in staat stellen verdachten te laten hacken en waarmee de geheime diensten op veel grotere schaal mogen aftappen. De Raad van State en het parlement moeten zich daar nog over buigen.

Bron: nos.nl

SPOILER

Om spoilers te kunnen lezen moet je zijn ingelogd. Je moet je daarvoor eerst gratis Registreren. Ook kun je spoilers niet lezen als je een ban hebt.

quote:

New Zealand MP complains emails are being blocked - BBC News

The Speaker of New Zealand's parliament is investigating a complaint that MPs' emails are being screened and, in some cases, blocked.

The discovery was made by Chris Hipkins of the opposition Labour Party when he tried to send a message to a journalist, the New Zealand Herald reports. According to Mr Hipkins, the email was blocked by the parliamentary mail service because it contained "sensitive words". Further investigation among Labour staff found other instances where emails were filtered in recent weeks.

The email in question contained a document obtained under the Official Information Act, which previously had a government security classification, Radio New Zealand reports. Parliamentary Services, which manages MPs' emails, said the message was stopped because it was being sent to an address outside the government's secure system and contained trigger words.

"That's outrageous, they have no right to be screening emails sent by members of parliament," says Mr Hipkins.

One of the "sensitive words" which caused this particular mail to be filtered was the word "sensitive", according to Stuff.co.nz. But Mr Hipkins seems unamused by this ironic turn of events, and says the filtering is "a clear breach of parliamentary privilege".

"What they have done is tipped us off to the fact that they're monitoring what we're sending in our emails, which is completely unacceptable," he says, raising the memory of a previous scandal in 2013 when emails between MP Peter Dunne and a journalist were wrongly given to a ministerial inquiry. That affair resulted in the head of Parliamentary Services resigning from his post.

Speaker David Carter will deliver a report to parliament regarding the complaint on 14 September.

Bron: www.bbc.com

quote:

Kabinet trekt 20 miljoen uit voor aftappen internet door AIVD - rtlz.nl

De 20 miljoen euro wordt genoemd in de Rijksbegroting van het ministerie van Binnenlandse Zaken en Koninkrijksrelaties, en wordt mede verdeeld onder d ministeries van Defensie en Algemene Zaken. Het bedrag is 5 miljoen hoger dan werd begroot: de geheime dienst verwachtte eerder dat het 15 miljoen euro nodig had om de nieuwe bevoegdheden - het op grote schaal aftappen van de internetkabel - te kunnen uitvoeren.

De AIVD mag al een gerichte tap op de kabel plaatsen, bijvoorbeeld wanneer ze een computer van een verdachte willen aftappen. Met de aankomende herziening van de Wet op de inlichtingen- en veiligheidsdiensten (Wiv) wordt het voor de geheime diensten mogelijk om het kabelverkeer op grote schaal af te tappen.

Dit betekent dat de geheime dienst bijvoorbeeld al het kabelverkeer uit een Amsterdamse wijk mag aftappen als zich daar mogelijk een terreurverdachte schuilhoudt.

Na de implementatie van de nieuwe Wiv, die nog in de Tweede Kamer moet worden behandeld en waarschijnlijk volgend jaar wordt ingevoerd, blijft de begroting voor het aftappen van het internet 20 miljoen euro. Dat is minder dan de 35 miljoen euro die het kabinet aanvankelijk berekende. Het geld wordt onder andere besteed aan het tappen op vier strategische locaties, zoals internetknooppunten en datacentra, en het opslaan en analyseren van de verkregen data.

De totale begroting van de AIVD bedraagt volgend jaar 215 miljoen en loopt tot 2020 op tot 230 miljoen per jaar.

De AIVD wil met de nieuwe Wiv vooral metadata verzamelen, zoals wie met wie communiceert en vanuit welke locatie. Metadata kunnen een gedetailleerd beeld geven van iemands leven. Daarom moet de AIVD voor tapverzoeken goedkeuring krijgen van een onafhankelijke toezichthouder bestaande uit rechters. Dat biedt volgens het kabinet voldoende waarborgen voor de privacy van burgers.

De geheime dienst benadrukt dat het niet opeens met jouw e-mails en WhatsApp-berichtjes mee gaat lezen. De geheime dienst heeft naar eigen zeggen 'niet eens de capaciteit om iedereen in de gaten te houden'.

Bron: www.rtlz.nl

quote:

'Yahoo scande miljoenen e-mails voor geheime dienst VS' | NOS

De Amerikaanse internetgigant Yahoo heeft voor een geheime dienst in de VS honderden miljoenen inkomende e-mails van de eigen klanten doorzocht, meldt Reuters. Het Britse persbureau kreeg de informatie van twee oud-medewerkers en een derde ingewijde, die allen anoniem willen blijven.

Yahoo zou gehoor hebben gegeven aan een geheime opdracht van de Amerikaanse regering om e-mails van Yahoo-accounts te scannen voor de NSA of FBI. Het bedrijf ontwikkelde daarvoor een speciaal zoekprogramma, aldus Reuters.

Het is niet bekend welke informatie de geheime dienst precies wilde hebben. Volgens de informanten moest Yahoo zoeken naar specifieke letter-, cijfer- of andere tekens in een gegeven volgorde. Het zou ook om een zin kunnen gaan.

Volgens de twee voormalige Yahoo-medewerkers ontstond er commotie in de top van het bedrijf toen Yahoo-baas Marissa Mayers besloot gehoor te geven aan de opdracht. De directeur internetveiligheid stapte vorig jaar zomer op in verband met deze kwestie.

Noch Yahoo, noch de opgestapte topman wil ingaan op de berichten over het tappen van e-mails. Yahoo wil alleen kwijt dat het bedrijf de Amerikaanse wetgeving respecteert.

Of de geheime dienst ook andere internetbedrijven heeft benaderd met dezelfde vraag, weet Reuters niet.

De Amerikaanse wetgeving staat veiligheidsdiensten toe telefoon- en internetdata op te vragen bij telecomproviders. Nadat ex-NSA-medewerker Edward Snowden enkele jaren geleden bekendmaakte hoe omvangrijk de afluisterpraktijken in werkelijkheid waren, besloot justitie het tappen te beperken.

De Yahoo-zaak, indien bevestigd, is uniek omdat alle inkomende e-mail werd doorzocht in plaats van opgeslagen bestanden, en omdat Yahoo er een speciaal zoekprogramma voor ontwikkelde.

Bron: nos.nl

quote:

FBI pakt NSA-werknemer op na diefstal supergeheime hackcodes - rtlz.nl

De FBI heeft een consultant gearresteerd die voor de NSA werkt en super geheime codes heeft gestolen. Met de gegevens zou in computersystemen van landen als Rusland, China, Iran en Noord Korea ingebroken kunnen worden.

Dat schreef de New York Times als eerste op basis van anonieme bronnen. Het ministerie van Justitie in Washington bevestigde iets later dat de aangehouden 51-jarige verdachte Harold Thomas Martin heet en afkomstig is uit de staat Maryland.

De FBI heeft zes documenten met 'gevoelige informatie' gevonden. De papieren zijn in 2014 uitgegeven door 'een Amerikaans agentschap'. Deze documenten zijn volgens de FBI zeer belangrijk en hebben betrekking op een aantal nationale veiligheidskwesties. Welke dat zijn, wilden ze niet vertellen. Daarnaast zou hij voor zo'n 1000 euro aan andere spullen hebben gejat. De Amerikaanse zender ABC zegt dat Marin tot 11 jaar gevangenisstraf riskeert.

De advocaat van Martin, James Wyda, zou tegen International Business Times hebben gezegd dat er geen bewijs tegen Martin is. "Hal Martin houdt van zijn familie en zijn land. Hij diende in het leger en is toegewijd aan de gehele staat door deze te beschermen." Voor zover bekend

De nieuwe opgepakte 'uitzendkracht' werkte voor het zelfde consultancybureau als Edward Snowden: Booz Allen Hamilton. Dit bedrijf bouwt en beheert veel operaties voor de NSA. Net zoals zijn bekende oud-collega had ook Martin vanwege zijn werk toegang tot topgeheimen van de NSA.

Snowden kwam drie jaar geleden in het nieuws na het stelen van geheime informatie van dezelfde organisatie. Later werden deze documenten doorgegeven aan journalisten, waardoor duidelijk werd hoe de NSA wereldwijd online communicatie in de gaten houdt door middel van het programma PRISM.

Bron: www.rtlz.nl

quote:

'Britse inlichtingendiensten hebben tien jaar lang wet overtreden' | NOS

De Britse inlichtingendiensten hebben ruim tien jaar lang privacywetgeving overtreden bij het verzamelen van data over Britse burgers. Dat oordeelt de toezichthouder in Groot-Brittannië, de Investigatory Powers Tribunal.

Het orgaan, dat in Groot-Brittannië de enige partij is die de praktijken van de inlichtingendiensten onder de loep kan nemen, stelt dat er jarenlang informatie werd vergaard zonder goede voorwaarden en toezicht.

De toezichthouder keek naar de manier waarop de drie inlichtingendiensten communicatie van burgers verzamelde: dat gaat over wie, waar, wanneer, hoe en met wie. De inhoud van de berichten wordt niet gevolgd. Volgens de deskundigen van de diensten is deze informatie nodig bij het identificeren van verdachten.

De Inlichtingendiensten gingen de mist in bij de wijze waarop de informatie zou moeten worden verwerkt en beheerd, stelt de toezichthouder. Zij hebben hierdoor de Europese Verklaring voor de Rechten van de Mens geschonden.

In artikel 8 staat dat alle burgers recht hebben op een privé-leven. Inbreuk daarop moet terecht zijn en daar zou nu geen sprake van zijn.

De gevolgen van deze uitspraak zijn nog onduidelijk. De zaak was aangespannen door Privacy International, een organisatie die opkomt voor de privacy van burgers.

Bron: nos.nl

quote:

Labour peers under fire for backing expansion of surveillance powers

quote:

Privacy campaigners have expressed anger over a vote by 64 Labour peers to back an expansion of state surveillance powers, within hours of a ruling by top judges that the spying agencies unlawfully scooped up personal confidential information on a massive scale for more than a decade.

The Labour peers voted with the government to ensure that major new powers are handed to the security services to get access to records tracking every citizen’s web use for the past 12 months.

The Liberal Democrat attempt to delete the powers to order the collection and storage of the new internet connection records from the investigatory powers bill in the House of Lords was voted down by 75 to 292.

It was notable that neither the former Labour home secretary Lord Blunkett nor the new shadow attorney general, and former Liberty director, Lady Chakrabarti, took part in the vote. The 64 Labour peers who voted with the government included frontbench spokespersons, Lady Hayter and Lord Rosser and the party’s chief whip, Lord Bassam.

The vote came just hours after the ruling by the investigatory powers tribunal, the only court to hear complaints against MI5, MI6 and GCHQ, that the security services had until 2015 secretly and illegally collected huge volumes of confidential data of millions of British citizens without adequate or safeguards.

The Labour peers’ vote also contrasted with a sharp attack on the investigatory powers bill by the shadow home secretary, Diane Abbott, who described it as “draconian” and said the ruling demonstrated why it needed amending.

“The latest ruling from the investigatory powers tribunal should be a sharp reminder that we should not lightly hand over powers to the security services and police and that greater accountability is needed. The government’s bill needs amending in all these areas,” said Abbott, who has sharpened Labour’s approach to the bill since the party abstained on its Commons second reading.

The Lib Dem Lord Paddick said: “Labour’s decision not to back us in opposing this huge intrusion into our privacy shows once and for all that they cannot claim to be the party of civil liberties, regardless of who sits on their benches.

“Internet connection records are ill-conceived and disproportionate and no doubt this fight will continue in the courts.”

Jim Killock, the Director of the Open Rights Group also strongly criticised the Labour peers. He said: “Labour did not table any serious amendments to this draconian legislation in the House of Lords. Labour is simply failing to hold the government to account.

“The Labour Lords had an opportunity to improve the IP bill and make it closer to becoming a surveillance law fit for a democracy not a dictatorship. They could have called for proposals to record UK citizens’ web browsing history to be scrapped or demanded that the police need independent authorisation to access our data.”

But Labour’s leader in the Lords, Angela Smith told the Guardian: “It’s pretty rich for the Lib Dems to question our peers over this, when a number of their own side also voted against the amendment. It’s also the case that we were voting to protect a concession achieved earlier in the day – and which follows our general strategy towards the bill, to try and improve it wherever necessary.

“The impressive work of Labour colleagues in the Commons during the report stage there and our own shadow home affairs team in the Lords has contributed significantly to the government’s tabling of over 300 amendments to its own bill – including on greater safeguards against abuse,” Lady Smith said.

“Appalling as the tribunal ruling is, it is historic and the regimes used to hold and collect data since 2015 have been legal and appropriate. This bill updates and improves the framework used by agencies and the way existing investigatory powers are authorised. It also enables, for the first time, judicial commissioners to veto warrant approvals made by the home secretary.”

The peers secured a concession that access to web browsing histories should not be given to the police involved in investigations into offences that carried a prison sentence of less than 12 months. The government had proposed the threshold should be six months.

quote:

'Extreme surveillance' becomes UK law with barely a whimper

Investigatory Powers Act legalises range of tools for snooping and hacking by the security services

A bill giving the UK intelligence agencies and police the most sweeping surveillance powers in the western world has passed into law with barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside.

The Investigatory Powers Act, passed on Thursday, legalises a whole range of tools for snooping and hacking by the security services unmatched by any other country in western Europe or even the US.

The security agencies and police began the year braced for at least some opposition, rehearsing arguments for the debate. In the end, faced with public apathy and an opposition in disarray, the government did not have to make a single substantial concession to the privacy lobby.

US whistleblower Edward Snowden tweeted: “The UK has just legalised the most extreme surveillance in the history of western democracy. It goes further than many autocracies.”

Snowden in 2013 revealed the scale of mass surveillance – or bulk data collection as the security agencies prefer to describe it – by the US National Security Agency and the UK’s GCHQ, which work in tandem.

But, against a backdrop of fears of Islamist attacks, the privacy lobby has failed to make much headway. Even in Germany, with East Germany’s history of mass surveillance by the Stasi and where Snowden’s revelations produced the most outcry, the Bundestag recently passed legislation giving the intelligence agencies more surveillance powers.

The US passed a modest bill last year curtailing bulk phone data collection but the victory of Donald Trump in the US presidential election is potentially a major reverse for privacy advocates. On the campaign trail, Trump made comments that implied he would like to use the powers of the surveillance agencies against political opponents.

The Liberal Democrat peer Lord Strasburger, one of the leading voices against the investigatory powers bill, said: “We do have to worry about a UK Donald Trump. If we do end up with one, and that is not impossible, we have created the tools for repression. If Labour had backed us up, we could have made the bill better. We have ended up with a bad bill because they were all over the place.

“The real Donald Trump has access to all the data that the British spooks are gathering and we should be worried about that.”

The Investigatory Powers Act legalises powers that the security agencies and police had been using for years without making this clear to either the public or parliament. In October, the investigatory powers tribunal, the only court that hears complaints against MI6, MI5 and GCHQ, ruled that they had been unlawfully collecting massive volumes of confidential personal data without proper oversight for 17 years.

One of the negative aspects of the legislation is that it fails to provide adequate protection for journalists’ sources, which could discourage whistleblowing.

One of the few positives in the legislation is that it sets out clearly for the first time the surveillance powers available to the intelligence services and the police. It legalises hacking by the security agencies into computers and mobile phones and allows them access to masses of stored personal data, even if the person under scrutiny is not suspected of any wrongdoing.

Privacy groups are challenging the surveillance powers in the European court of human rights and elsewhere.

Jim Killock, the executive director of Open Rights Group, said: “The UK now has a surveillance law that is more suited to a dictatorship than a democracy. The state has unprecedented powers to monitor and analyse UK citizens’ communications regardless of whether we are suspected of any criminal activity.”

Renate Samson, the chief executive of Big Brother Watch, said: “The passing of the investigatory powers bill has fundamentally changed the face of surveillance in this country. None of us online are now guaranteed the right to communicate privately and, most importantly, securely.”

Trump’s victory started speculation that, given his warm words for Vladimir Putin, he might do a deal with the Russian president to have Snowden sent back to the US where he faces a long jail sentence. Snowden has lived in Russia since leaking tens of thousands of documents to journalists in 2013.

But Bill Binney, a former member of the NSA who became a whistleblower, expressed scepticism: “I am not sure if the relationship a President Trump would have with President Putin would be bad for Snowden.

“In Russia, he would still be an asset that maybe Putin would use in bargaining with Trump. Otherwise, Snowden does have a large support network around the world plus in the US and Trump may not want to disturb that. Also, I think any move to get Snowden out of Russia and into US courts would also open up support for at least three other lawsuits against the US government’s unconstitutional surveillance.”

quote:

'Toezicht op gebruik nieuwe aftapwet is onvoldoende' | NOS

De commissie die de geheime diensten AIVD en MIVD moet controleren bij het gebruik van de nieuwe aftapwet heeft te weinig bevoegdheden, schrijft de Raad voor de Rechtspraak in een brief (.pdf) aan minister Plasterk. Daardoor kan de commissie niet goed controleren of de geheime diensten zich aan de wet houden.

De nieuwe wet geeft de inlichtingendiensten veel meer mogelijkheden. Nu mogen ze alleen specifieke internetverbindingen afluisteren. Als het aan het kabinet ligt, krijgen ze straks ook toegang tot grote groepen internetverbindingen. Daardoor kunnen ze informatie van veel meer mensen tegelijk binnenhalen.

In het wetsvoorstel dat onlangs is ingediend wordt een nieuwe commissie in het leven geroepen: de Toetsingscommissie Inzet Bevoegdheden (TIB). Die moet vaststellen of de aftapverzoeken, ingediend door de inlichtingendiensten bij minister Plasterk, voldoen aan de wet.

De raad vraagt zich af of de TIB dit wel goed kan doen, omdat het geen toegang krijgt tot gegevens van de inlichtingendiensten. Dit betekent dat de TIB alleen het verzoek te zien krijgt en moet oordelen of dat deze aan de eisen van de wet voldoet.


Daarnaast is er volgens de raad onduidelijkheid over wie het laatste woord heeft bij de vraag of iemand mag worden afgeluisterd. Is dat de minister of de TIB? De raad wil dat hier duidelijkheid over komt.

Het advies is op een bijzondere manier tot stand gekomen. Normaal gesproken wordt de raad gevraagd om inhoudelijk te reageren op nieuwe wetsvoorstellen. Dat is dit keer niet gebeurd, schrijft de voorzitter, en dat volgens hem zeer ongebruikelijk. Vandaar dat de raad nu op eigen initiatief zijn mening geeft.

De kritiek van de Raad voor de Rechtspraak is in lijn met wat de Raad van State eerder heeft gezegd. Naast de twijfels over het toezicht, hebben de twee organen ook vraagtekens bij de bewaartermijn. De diensten mogen straks drie jaar lang aftapte gesprekken opslaan.

Dat is volgens het kabinet nodig omdat de opgeslagen gegevens misschien niet direct, maar wel later nuttig kunnen zijn. Volgens de raad is dat het verkeerde argument; de bewaartermijn moet noodzakelijk zijn en niet alleen nuttig.

Bron: nos.nl

quote:

Rechter: 'Bondsdagcommissie mag Snowden uitnodigen'

De NSA-onderzoekscommissie van de Bondsdag mag klokkenluider Edward Snowden uitnodigen om hem als getuige te kunnen ondervragen. Dat heeft het Bundesgerichtshof vandaag bepaald.

Tot nu toe heeft de CDU-SPD-meerderheid in de parlementaire commissie een verzoek om Snowden te horen tegengehouden. De rechter heeft vandaag gezegd dat ook een minderheid in de commissie een getuige mag uitnodigen. Als zo'n aanvraag wordt ingediend, moet de regering de voorwaarden creëren waaronder Snowden kan worden gehoord. Als de regering het verzoek naast zich neerlegt, kan de commissie de zaak voorleggen aan het Constitutioneel Hof.

Snowden woont in Moskou in ballingschap, de VS willen zijn uitlevering. Zijn advocaat zegt dat hij bereid is naar Duitsland te komen als zijn veiligheid kan worden gegarandeerd. Lees meer bij Spiegel Online

quote:

Tech firms seek to frustrate internet history log law - BBC News

Plans to keep a record of UK citizens' online activities face a challenge from tech firms seeking to offer ways to hide people's browser histories.

Internet providers will soon be required to record which services their customers' devices connect to - including websites and messaging apps.

The Home Office says it will help combat terrorism, but critics have described it as a "snoopers' charter".

Critics of the law have said hackers could get access to the records.

"It only takes one bad actor to go in there and get the entire database," said James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others.

"You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you.

"Mistakes will happen. It's a question of when. Hopefully it's in tens or maybe a hundred years. But it might be next week."

The Investigatory Powers Bill was approved by the House of Lords on 19 November and is due to become law before the end of 2016.

Now, several virtual private network (VPN) operators have seized on its introduction to promote their offerings.

VPNs digitally scramble a user's internet traffic and send it to one of their own servers before passing it on to a site or app in a form they can make sense of. A similar process happens in reverse, helping mask the person's online activity.

As a result, instead of ISPs having a log of everywhere a customer has visited, the only thing they can provide to the authorities is the fact that a subscriber used a VPN.

"We saw a boom in Australia last year correlated to when its data retention law went into effect," Jodi Myers, a spokeswoman for NordVPN told the BBC.

"And we are already seeing an increase in inquiries from the UK."

Ms Myers said her firm had just begun offering UK-based customers extra security measures - including encrypting their data twice and sending it via two servers - to address any concerns that its standard measures were not sufficient.

"Our biggest advantage is we have a zero log policy," she added.

"Our headquarters are in Panama, which doesn't have data retention laws, so it allows us to do this.

"And even in the worst-case scenario that our servers are confiscated, there would be nothing on them because of the way they are configured."

Another VPN provider said the UK government would find it difficult to prevent the use of such workarounds.

"The legislation specifically mentions connection service providers and not just ISPs, and the assumption is that VPNs based in the UK will have to give up their logs under this law," said Caleb Chen, a spokesman for Private Internet Access.

"But as a US-based company, my legal team has advised me that we would not be under any obligation to do so.

"And even if the government were to try to take it a step further and say no UK citizen could use a VPN that was not compliant with the law, those services would still be available."

He added that the widespread use of VPNs by businesses to provide staff with remote access to their email and other work-related files would also make it difficult to restrict the technology's use.

One of the UK's smaller internet providers, Andrews & Arnold, is looking into other ways to help its users circumvent the law.

"Customers can install a Tor browser, which encrypts traffic to one of thousands of different internet connections throughout the world hiding what they are doing," said managing director Adrian Kennard.

"We are also working with a company called Brass Horn, which is planning to sell Tor-only internet access.

"In addition, we may base some of our own services outside the UK to reduce the amount of information that is logged and recorded. One possible place that we might put equipment is Iceland."

A spokeswoman for the Home Office declined to discuss ways it might tackle such efforts.

"The Investigatory Powers Bill provides law enforcement and the security and intelligence agencies with the powers they need to protect the UK and its citizens from terrorists and serious criminals, subject to strict safeguards and world-leading oversight," she said.

"Terrorists and serious criminals will always seek to avoid detection.

"To ensure they do not succeed, we do not comment publicly on the methods or capabilities available to the security and intelligence agencies."

Bron: www.bbc.com

quote:

'Duitse geheime dienst steekt 150 miljoen in kraken chat-apps' | NOS

De Duitse geheime dienst BND wil gaan proberen om de versleuteling van chat-apps zoals WhatsApp te kraken, meldt het politieke blog Netzpolitik op basis van documenten. Hiervoor trekt de dienst de komende jaren 150 miljoen euro uit.

Sinds de onthullingen van Edward Snowden in 2013 is het versleutelen van informatie steeds belangrijker geworden. WhatsApp is het bekendste voorbeeld van een dienst die berichten via end-to-end-encryptie versleutelt. Dat betekent dat niemand kan meekijken, ook het bedrijf zelf niet.

Dat geeft gewone gebruikers een prettig gevoel, maar ook criminelen en terroristen. Inlichtingendiensten zijn daar minder gelukkig mee en zouden het liefst zien dat de versleuteling wordt afgezwakt. WhatsApp wordt wereldwijd door meer dan een miljard mensen gebruikt.

Hoe de Duitse geheime dienst chat-apps zoals WhatsApp maar ook Facebook Messenger en iMessage gaat kraken, is niet duidelijk. Waarschijnlijk zullen er intern technici naar gaan kijken. Het kan ook zijn dat spionnen van de BND bij bedrijven als WhatsApp informatie over de versleuteling proberen te stelen.

Daarnaast kan een deel van het geld worden gebruikt om zogenoemde zero days te kopen. Dit zijn lekken in software die nog niet door de desbetreffende maker zijn opgelost en daardoor kunnen worden misbruikt om de software te hacken.

Er zijn gespecialiseerde bedrijven die hier continu naar zoeken en voor veel geld de informatie verkopen aan bijvoorbeeld een overheid. Naar verluidt is dat de manier geweest waarop de FBI de iPhone 5c van Syed Farook kon kraken, die vorig jaar in San Bernardino 14 mensen doodschoot.

De BND wil niet reageren op de onthullingen. De Duitse hackersconferentie CCC, die volgende maand weer wordt gehouden, noemt de strategie excessief en niet te rechtvaardigen. De socialistische partij Die Linke heeft ook kritisch gereageerd.

Bron: nos.nl

quote:

Edward Snowden backers beam calls for pardon on Washington news museum

Activists display almost 4,000 notes from backers on the side of the Newseum, an institution celebrating free speech near the White House

Edward Snowden has been the subject of several high-profile appeals this year, calling on Barack Obama to pardon the National Security Agency whistleblower and allow him to return home to the US. Writers, intelligence experts, film stars and tech tycoons have all joined the chorus.

Now the most audacious display of support for Snowden is under way. Messages calling for his pardon are being beamed on to the outside wall of the Newseum, the Washington institution devoted to freedom of speech and the press that stands less than two miles from the White House.

The event is a guerrilla action carried out without the knowledge or approval of the Newseum itself, though the organisers of the stunt from the Pardon Snowden campaign are hoping they will be given a sympathetic reception.

“We sincerely hope that the Newseum supports what we are doing as an affirmation of the significance of a free press,” Noa Yachot, the campaign’s director, told the Guardian before the event.

Almost 4,000 messages backing Snowden’s decision to expose mass government surveillance of emails and phone calls have been gathered by the campaign, from across the US and around the world.

The messages include this one, from Casey: “I’m a 69-year-old vet and applaud your guts, we owe you lots and let’s hope you can come home to your family and friends.”

And this, from Tess: “Ed, I’m on your side. You’re a hero and an example of what it means to be an American. Thank you for making such an incredible sacrifice in order that we might move a bit more toward the truth.”

Frank offers: “True patriotism: speaking up when your government loses its moral compass.”

The messages are being projected onto the 74ft-high marble tablet that is attached to the facade of the Newseum and which has the words of the first amendment carved into it.

Written in 1791 as part of the bill of rights, it states: “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

Saturday night’s action in Washington comes at a critical time for Snowden, who remains in exile in Russia where he has been granted asylum, having been charged in the US with offences under the Espionage Act.

Obama has less than six weeks left in office, meaning that if he is to use his power to pardon the whistleblower or extend some other form of leniency that would allow him to come home, he has to do so quickly.

Obama’s successor, President-elect Donald Trump, has hinted that he would sooner see Snowden executed than pardoned.

Yachot said the Newseum had been chosen as the location of the guerrilla action as a way of highlighting Snowden’s careful and responsible use of global news organisations as a way of disseminating his leaks.

“Snowden’s work with journalists, including the Guardian, enabled the release of information into the public domain,” she said. “It showed that we need a strong and adversarial media, working with whistleblowers, to inform the public about what the government is doing without anyone’s knowledge.”

Yachot added that though time was running out, history suggested that US presidents often reserved their most contentious pardons until the last minute.

“There are only six weeks left,” she said, “but we know that controversial pardons often come at the end of a president’s term, so we are still hoping.”

quote:

NSA mag 'sleepnet'-data ongefilterd delen met andere diensten VS | NOS

De grote hoeveelheid data die de NSA verzamelt, het zogenoemde sleepnet, komt ongefilterd beschikbaar voor andere Amerikaanse inlichtingendiensten. Dat heeft de regering-Obama in zijn laatste dagen besloten.

Hierdoor krijgen veel meer overheidsdiensten toegang tot privacygevoelige informatie. Het gaat om telefoongesprekken, e-mailberichten en om communicatie via satellieten die over de hele wereld worden verzameld. In het verkeer van buitenlanders mag onbeperkt worden gezocht; voor communicatie van Amerikanen gelden strengere regels.

Tot nu toe filterde de NSA de informatie. Gegevens over onschuldige personen of irrelevante persoonlijke informatie werd daardoor niet doorgestuurd naar andere organisaties. Dat filteren gebeurt voortaan niet meer.

De verandering wordt doorgevoerd uit angst dat de NSA anders bepaalde informatie over het hoofd ziet die voor andere diensten interessant kan zijn, schrijft The New York Times. In totaal kunnen zestien diensten de informatie inzien, bijvoorbeeld de FBI, de CIA, DEA (doet onderzoek naar drugszaken) en Homeland Security.

Om een bepaalde stroom van informatie te mogen inzien, bijvoorbeeld e-mailverkeer, moet een verzoek worden ingediend. Hier is geen bevelschrift voor nodig.

Een dienst moet wel kunnen beargumenteren dat er informatie in zit die relevant kan zijn voor een onderzoek. De NSA weegt vervolgens dat verzoek.

Bron: nos.nl

quote:

Overheid wil meer invloed op Fox-IT na overname door Britten - rtlz.nl

De Nederlandse overheid is toch niet gerust op de Britse overname van cybersecuritybedrijf Fox-IT, dat staatsgeheimen beveiligt. De staat wil meer zeggenschap hebben over de bedrijfsvoering van het belangrijkste onderdeel van Fox-IT: de cryptografieafdeling.


Dat blijkt uit een brief (pdf) die de Militaire Inlichtingen- en Veiligheidsdienst (MIVD) heeft gestuurd aan Fox-IT. De tekst is gepubliceerd door NRC Handelsblad, die de brief boven water kreeg met een beroep op de Wet openbaarheid van bestuur.

De overheid wil zeggenschap over besluiten en benoemingen bij de cryptografieafdeling, genaamd Fox Crypto, en wil bij eventuele verkoopplannen als eerste de aandelen ervan kunnen verkopen. Als Fox-IT niet instemt met deze voorwaarden, zou het zijn opdrachten voor de overheid kunnen kwijtraken.

Directeur Onno Eichelsheim van de MIVD schrijft op 23 mei 2016, zo'n halfjaar na de overname door NCC Group, aan Fox-IT dat het bedrijf 'alle lopende en nieuwe' staatsopdrachten moet onderbrengen bij Fox Crypto. Dat onderdeel mag van de MIVD niet meer worden verkocht, niet fuseren, splitsen, of ontbonden worden en ook geen nieuwe bestuurders krijgen, zonder dat de minister van Defensie hier vooraf toestemming voor geeft.

Verder wil de overheid ook als eerste aandelen kunnen kopen en moet het ict-systeem van Fox Crypto worden gescheiden van Fox-IT. Als laatste voegt Eichelsheim toe dat de MIVD ogenblikkelijk op de hoogte moet worden gesteld als er 'technologie, kennis en ervaring' naar Groot-Brittannië of andere landen wordt gebracht.

Een klein deel van de 270 werknemers van Fox-IT, rond de 35 mensen, heeft toegang tot de beveiligde cryptografie-afdeling van het gebouw.

Ronald Prins, ceo van Fox-IT, zegt tegen NRC dat de onderhandelingen over deze voorwaarden nog steeds lopen, maar dat zijn bedrijf wel bereid is om mee te werken.

Eerder zei Prins tegen RTL Z dat de overname niet betekent dat staatsgeheimen in gevaar komen. "Dat je aandelen bezit in een Nederlands bedrijf betekent niet dat je hier zomaar binnen kunt lopen. Ze kunnen niet opeens zeggen: in het volgende doosje dat je voor de overheid maakt moet dit achterdeurtje zitten."

Fox-IT werd door NCC Group overgenomen voor 135 miljoen euro. Met de overname zegt Fox-IT sneller internationaal te kunnen uitbreiden. Prins is door de overname zo'n 40 miljoen euro rijker geworden.

Bron: www.rtlz.nl

quote:

Trump v US intelligence: growing feud puts NSA's legislative priority at risk

Reauthorization of measure permitting sweeping surveillance in danger as intelligence community has been blamed for leaks about Trump and Russia

The escalating feud between Donald Trump and US intelligence is now putting the top 2017 legislative priority of the intelligence agencies at risk.

At the end of the year, a broad legal authority permitting sweeping surveillance is set to expire. The National Security Agency considers the authority, known as Section 702 of the Foreign Intelligence Surveillance Act (Fisa), pivotal to fighting terrorism and stopping espionage. Civil libertarians consider the measure – the wellspring of the NSA’s Prism and “upstream” mass communications-data collection – unconstitutional.

The typical balance of power on Capitol Hill over surveillance is such that opponents of renewing Section 702 face strong political headwinds. The measure was reauthorized with minimal challenge in 2012.

Now the Republican chairman of the House intelligence committee has thrown reauthorization into question after extensive leaking about Trump and Russia that the president and his Capitol Hill allies have blamed on the US intelligence community.

Asked at a Tuesday press conference about the renewal of section 702 in light of ongoing leaks concerning Trump and Russia, Devin Nunes said, “I think it’s very problematic.”

He continued: “I’ve expressed this concern to the IC [intelligence community]. We have sent them many followup questions as it relates to intelligence that’s been collected. And we expect prompt answers. I think we also expect unprecedented answers from them of the information that we’re going to be asking for.”

First passed in 2008 to give legal cover to George W Bush-era warrantless surveillance, Section 702 permits the NSA to collect communications and associated data from targets it reasonably believes to be non-Americans overseas suspected of contact with a foreign power, even if they are in communication with Americans. The surveillance does not require a court order specifying its targets, purposes, or time frame; only the re-approval of the attorney general and the director of national intelligence.

NSA interception of communications between Russian officials or suspected operatives and Trump’s associates would not necessarily involve using Section 702. The NSA or FBI can acquire such communications under the terms of the original 1978 Fisa law. Because of a provision in the law about understanding the foreign-intelligence value of the intercepted communications, neither agency would necessarily have to purge references to Americans.

It is not only the NSA that values Section 702 ardently. FBI director James Comey last year called the surveillance activities permitted by Section 702 “far more important” than the bulk domestic phone-records data program that Congress curtailed in 2015. The FBI is permitted to warrantlessly search through the NSA’s troves of foreign-focused data with few restrictions.

Last week, as the House judiciary committee began hearings over the expiring provision, the Trump administration told Reuters it favors Section 702 reauthorization.

“We support the clean reauthorization and the administration believes it’s necessary to protect the security of the nation,” an anonymous official said.

Trump’s nominee for director of national intelligence, Dan Coats, testified that he agreed Section 702 is the “crown jewels” of US intelligence and the intelligence community “also sees it that way, the entire community”.

Throughout Barack Obama’s presidency and the Edward Snowden leaks, the vast majority of national-security-focused Republicans embraced the measure without reservation, with Republicans on the intelligence committee leading the way.

Nunes himself has been a full-throated defender of Section 702. Last year, he and colleague Lynn Westmoreland of Georgia took point in opposing a civil-libertarian effort to block it through an amendment to a defense-spending bill.

Citing the then-recent case of Orlando nightclub murderer Omar Mateen, Nunes and Westmoreland circulated a letter to colleagues claiming the loss of 702 would deprive the intelligence community of “the authorities it needs to detect and stop terrorist attacks.”

But since then, Nunes has become a crucial ally to Trump. Nunes served on Trump’s transition team, a closeness that has raised questions about Nunes’ independence as his committee investigates Trump associates’ ties to Russia.

Nunes has ardently defended Trump’s first national security adviser, Michael Flynn, and implied without evidence that the intelligence agencies abused their surveillance powers in leaking accounts of Flynn’s December conversations with Russian ambassador Sergey Kislyak that proved to be his downfall.

Trump has blamed the intelligence agencies for the leaks, in particular the FBI and NSA, and his administration has suggested that career intelligence officials are in league with former Obama officials. He has recently taken to claiming, baselessly, that Obama ordered Trump to be surveilled, an act that would be illegal if true.

“There is no evidence to support that claim” of Obama ordering Trump to be wiretapped, a US official told the Guardian over the weekend.

But Nunes has given the accusation credence. His committee on 1 March added the “possible leaks of classified information” that Trump wants investigated to its inquiry on Russian measures to interfere with the 2016 election, which the intelligence agencies publicly assessed in January were for Trump’s benefit.

“Typically we’ve had great trust with our intelligence agencies,” Nunes said on Tuesday.

“And I continue to have that trust, but we have to verify, in fact, that all of the tools that are in place, that we oversee, are being used ethically, responsibly and by the law. And if anybody has abused those, we want to know about that. And that’s part of the reason why it’s important for us to know whether or not, as some press reports have indicated, the Department of Justice or any other agency tried to get the warrant on anybody related to the Trump campaign or any other campaign for that matter.”

Adam Schiff, the top Democrat on the House intelligence committee, said the authority under Section 702 would be preserved when asked by the Guardian on Tuesday about Nunes’ comments. But he did not rule out potential reforms to the law if necessary.

“Section 702 has been a far more impactful and important counterterrorism program and tool,” Schiff said during a press conference on Capitol Hill.

“That doesn’t mean though that we shouldn’t explore whether there are ways to improve any of the protections in existing law or whether there are any changes that we need to make to the structure of the program.”

Schiff said the intelligence committee had been engaged in periodic briefings with members, given the law is poised to sunset this year. Should any questions come up in the same context that are pertinent to the Russia investigation, he added, they “ought to be answered so members understand how the program works [and] that it’s conducted in a lawful way.”

quote:

OM: 3,6 miljoen versleutelde berichten van criminelen gekraakt | NOS

De Nederlandse politie en het Openbaar Ministerie zeggen toegang te hebben gekregen tot 3,6 miljoen versleutelde berichten van criminelen. Volgens het OM zijn de berichten goed voor bewijsmateriaal in tientallen strafrechtelijke onderzoeken.

Het gaat om onderzoeken naar liquidaties, gewapende overvallen, drugshandel, witwaspraktijken, pogingen tot moord en andere vormen van georganiseerde misdaad. De berichten kunnen leiden tot grote en beslissende doorbraken in strafzaken, zegt het OM.

De berichten stonden op servers in Canada en waren van het Nederlandse bedrijf Ennetcom. In september vorig jaar kreeg het Openbaar Ministerie van een rechter in Toronto toestemming om een kopie van de servers naar Nederland te halen. Het gaat in totaal om 7 terabyte aan data. De berichten zijn naar eigen zeggen gekraakt met digitale sleutels die de opsporingsdiensten eerder in het onderzoek in handen hadden kregen.

Ennetcom wordt door het OM gezien als de grootste aanbieder van versleutelde communicatie aan criminelen in Nederland en is ook werkzaam in andere delen van West-Europa en Zuid-Amerika.

Ennetcom garandeerde zijn klanten anonimiteit, waardoor het bedrijf grote populariteit geniet. Hiervoor werd gebruikgemaakt van geprepareerde BlackBerry-telefoons met speciale software die voor 1500 euro per stuk werden verkocht. Daarnaast waren de microfoon en camera vaak uit het toestel verwijderd.

De telefoons waren uitgerust met PGP, wat staat voor Pretty Good Privacy. Deze technologie versleutelt berichten. Het gebruik hiervan is niet illegaal.

PGP is een veelgebruikte methode om veilig te communiceren en wordt niet alleen door criminelen maar ook door bijvoorbeeld journalisten en klokkenluiders gebruikt. Bij PGP worden berichten door elkaar gehusseld, zodat ze alleen leesbaar zijn voor mensen met een bepaalde encryptiesleutel.

Het netwerk bestond uit ongeveer 40.000 geregistreerde telefoons die met elkaar communiceerden en is vorig jaar april offline gehaald. De eigenaren kregen toen van de politie hierover een bericht op hun toestel. Het is niet duidelijk of al deze telefoons werden gebruikt door criminelen, het OM vermoedt van wel omdat voor zover bekend niemand gebruik heeft gemaakt van het verschoningsrecht.

De eigenaar van Ennetcom werd toen ook aangehouden, hij heeft daarna een tijdje vastgezeten en is nu weer vrij in afwachting van het vervolg van de zaak. Volgens het OM is het aannemelijk dat hij wist dat deze telefoons aan criminelen werden verkocht. Dat betekent, redeneert het Openbaar Ministerie, dat hij daarmee crimineel geld ontving, waardoor hij wordt verdacht van witwaspraktijken.

Uit een vertrouwelijk rapport van het Nederlands Forensisch Instituut bleek eind 2015 dat het instituut middelen heeft om PGP-berichten op BlackBerry-telefoons te kraken. Het NFI kon door middel van een speciale zoekmachine, die Hansken wordt genoemd, de berichten doorzoeken.

Bron: nos.nl

quote:

'NSA hackt banken en monitort internationale geldstromen'

De NSA heeft ingebroken bij banken en een partij die internationale betalingen verwerkt, waarmee de geheime dienst geldstromen in de gaten kan houden. Dat blijkt uit informatie die een hackersgroep vandaag publiceert.

Het gaat naar verluidt om dezelfde hackersgroep die eind vorig jaar al staatsgeheime malware van de NSA publiceerde: de Shadow Brokers.

De authenticiteit van deze NSA-malware is toen door onder andere NSA-klokkenluider Edward Snowden en verschillende beveiligingsexperts bevestigd.

Midden-Oosten1
Ditmaal publiceert Shadow Brokers informatie over hoe de NSA zou hebben ingebroken bij Eastnets, een bedrijf dat internationale Swift-betalingen verwerkt. Swift is het systeem waarmee banken internationale betalingen regelen.

Uit de gelekte documenten blijkt dat de NSA zich richt op banken uit de Verenigde Arabische Emiraten, Qatar en Bahrein. Ook investeringsbanken uit het Midden-Oosten komen regelmatig in het datalek voor.

Ook een Belgische bank is aangevallen, zo blijkt uit de gelekte data. Die bevatten verschillende Belgische ip-adressen bij onder andere Belgacom en Easynet.

Gelekte exploits zijn legitiem

De NSA zou hebben ingebroken via lekken in netwerkapparatuur, zoals routers en servers. Daarna hebben ze via kwetsbaarheden in de Windows-software toegang gekregen tot het Swift-systeem.

Het is niet de eerste keer dat de NSA in verband wordt gebracht met het Swift-bankensysteem. In gelekte NSA-documenten van Edward Snowden werd al beschreven hoe de geheime dienst het internationale betalingsverkeer in de gaten houdt.

Volgens beveiligingsonderzoeker Rik van Duijn van DearBytes is het lastig om met zekerheid te zeggen dat het om de NSA gaat: "Maar daar is wel een sterke indicatie voor. De gelekte hackmethoden zijn in ieder geval legitiem, en de systemen die zijn aangevallen, zoals Windows 8, zijn ook nog eens redelijk nieuw."

Van Duijn zegt dat er naar de NSA wordt gewezen omdat er opnieuw gebruik wordt gemaakt van dezelfde kwetsbaarheden die de dienst al eerder misbruikte om de een belangrijke firewall te hacken.

Financiering voor terrorisme

Het is mogelijk dat de NSA zich met name op banken uit het Midden-Oosten richt om terrorismefinanciering in de gaten te houden, zo stelt terrorisme-expert Rico Briedjal: "Je hebt geld nodig om professionele aanslagen te plannen en uit te voeren."

Briedjal snapt dan ook dat geheime diensten geïnteresseerd zijn in het analyseren van de geldstromen binnen het Midden-Oosten: "Dat is de bron van het islamitisch terrorisme, en je wilt als inlichtingendienst zo dicht mogelijk bij de bron zitten."

Swift-systeem

Het is niet de eerste keer dat het Swift-systeem wordt aangevallen. Eerder hackten criminelen de nationale bank van Bangladesh en kregen toen toegang tot het Swift-systeem. Op deze manier stalen ze 72 miljoen euro.

Swift en Eastnets hebben nog niet gereageerd op schriftelijke vragen.

quote:

NSA stopt met verzamelen mails over buitenlandse doelwitten | NOS

De Amerikaanse inlichtingendienst NSA stopt met het verzamelen van e-mails van Amerikanen waarin buitenlanders worden genoemd die onder surveillance staan.

Voortaan worden er alleen e-mails onderschept die direct naar of door zo iemand zijn gestuurd. Volgens de NSA neemt hierdoor de kans af dat mailwisselingen van burgers die verder niets met deze personen te maken hebben worden onderschept.

Ook zegt de NSA dat het de grote meerderheid van internetdata die op die manier zijn verzameld zal vernietigen. Het besluit kwam als een verrassing voor privacy-voorvechters die al langer betoogden dat de dataverzameling van de NSA te breed was en onwettig.

In 2011 oordeelde de rechter al dat de dataverzameling van de NSA een schending van de grondrechten van burgers opleverde. De geheime dienst paste toen zijn werkwijze aan en bewaarde de gegevens op een plek waar niet alle werknemers toegang toe hadden. Vorig jaar bleek dat die aanpassing niet goed werkte en daarom zou de NSA besloten hebben om helemaal met verzamelen van de data te stoppen.

Bron: nos.nl

quote:

Omstreden aftapwet AIVD na vanavond waarschijnlijk van kracht

De Eerste Kamer gaat vanavond naar verwachting de omstreden wet aannemen waarmee de AIVD het internet op grote schaal mag aftappen. De verzamelde emails en appjes mogen drie jaar worden bewaard, ook als blijkt dat ze niet van belang zijn voor het onderzoek.

Stel, in de Utrechtse wijk Zuilen houdt een terrorismeverdachte zich schuil. De AIVD weet niet precies waar en tapt de hele wijk af om informatie te verzamelen. Bingo: één van de inwoners bezoekt regelmatig extremistische websites.

Dit scenario is na vanavond, als de Eerste Kamer de nieuwe aftapwet aanneemt, toegestaan. Het is een wens van zowel de geheime dienst als het ministerie van Binnenlandse Zaken die in vervulling gaat.

Een wet uit 2002

De huidige Wet op de inlichtingen- en veiligheidsdiensten stamt uit 2002. Toen bestonden de iPhone, Facebook en WhatsApp nog niet. De wet is na vijftien jaar wel toe aan vernieuwing. Daar is zelfs de grootste criticaster Bits of Freedom, dat opkomst voor digitale burgerrechten, het mee eens.

Op dit moment mag de AIVD alleen maar een gerichte tap plaatsen, bijvoorbeeld op de internetverbinding van een laptop of telefoon. Met de nieuwe wet mag de geheime dienst ook op grote schaal het internet aftappen, zoals de hierboven beschreven stadswijk of alle internetcommunicatie tussen Nederland en Syrië.

Om op grote schaal af te tappen moet de AIVD wel altijd toestemming vragen aan een nieuwe toetsingscommissie, die bestaat uit rechters en technici.

Data over data

De AIVD verzamelt met deze internettaps metadata, zoals met wie je communiceert, waar je bent en welke sites je bezoekt. Metadata geven een gedetailleerd beeld van iemands leven, maar tonen meestal niet de inhoud van communicatie. Deze is bij onder andere WhatsApp - zowel het chatten, bellen als media delen - versleuteld met end-to-end-encryptie.

Als er aanleiding is om de inhoud van communicatie van een doelwit in te zien, kan de geheime dienst onder andere proberen om de persoon te hacken om zo de end-to-end-encryptie te omzeilen.

De AIVD krijgt drie jaar om verzamelde gegevens te doorzoeken op relevante data. Dat betekent dat gegevens van onschuldige burgers voor maximaal drie jaar in een database van de AIVD kunnen staan.

Een sleepnet

Er is veel kritiek op de nieuwe wet. Zowel de toezichthouder CTIVD als regeringsadviseur Raad van State vinden het toezicht op de nieuwe wet niet voldoende en de bewaartermijn van drie jaar te lang. Privacywaakhond Autoriteit Persoonsgegevens stelt zelfs dat de wet in strijd is met het Europees Verdrag voor de Rechten van de Mens.

"De wetenschap dat geheime diensten kunnen meeluisteren zorgt ervoor dat je wel twee keer nadenkt wat je zegt of deelt met anderen", zegt David Korteweg van Bits of Freedom. "Het leidt tot zelfcensuur en beperkt de vrijheid voor afwijkende opvattingen. Surveillance op deze schaal hoort in een vrije samenleving als Nederland niet thuis."

Aangenomen

Vannacht tussen 00.05 en 00.15 wordt er in de Eerste Kamer over de wet gestemd. De verwachting is dat de wet wordt aangenomen, vertelt politiek verslaggever Fons Lambie: "Als alle partijen uit de Tweede Kamer die voor de wet stemden vanavond opnieuw voor stemmen, dan wordt de wet gemakkelijk aangenomen."

In de Tweede Kamer stemden alleen de SP, GroenLinks, D66, Partij voor de Dieren, Groep Kuzu/Öztürk en Klein tegen. De rest van de partijen stemden voor.

quote:

Court to hear challenge to GCHQ bulk hacking of phones and computers

Privacy International, which has argued that agency’s surveillance breaches human rights, takes case to appeal court

A challenge to GCHQ’s use of non-specific warrants to authorise the bulk hacking of smartphones, computers and networks in the UK is starting at the court of appeal.

The case, brought by the campaign group Privacy International (PI), is the latest twist in a protracted battle about both the legality of bulk surveillance and the primacy of civil courts over an intelligence tribunal that operates partly in secret.

The original claim dates back to 2014 and was brought at the investigatory powers tribunal (IPT) following revelations by the American whistleblower Edward Snowden who exposed the extent of surveillance carried out by the US’s National Security Agency and the UK’s GCHQ.

The IPT hears complaints about government surveillance and the intelligence services. Some of its hearings are held behind closed doors.

PI, along with seven internet service providers, argued that computer network exploitation (CNE) carried out by GCHQ, the government monitoring station in Cheltenham, breaches human rights.

At the first hearing, Ben Jaffey QC, for PI, argued that since the 18th century the common law has opposed the use of such non-specific warrants.

In February last year, however, the IPT ruled that the legal regime under which warrants were issued for the agency to carry out equipment interference, or hacking, in the UK was compatible with the European convention on human rights. The decision said that warrants do not need to be “defined by reference to named or identified individuals”.

Frustrated at the outcome, PI launched a judicial review of the IPT’s decision in the high court because there was, effectively, no right of appeal from the tribunal. In February this year, the high court ruled in favour of GCHQ and the Foreign Office, rejecting the judicial review challenge.

On Thursday, the next stage of the legal battle goes before the court of appeal. In advance of the hearing, Scarlet Kim, a legal officer at PI, said: “The [IPT] unlawfully sanctioned the UK government’s use of sweeping powers to hack hundreds or thousands of people’s computers and phones with a single warrant. Rather than debate the necessity and proportionality of their expansive hacking powers, the government is instead arguing that the UK courts should have no jurisdiction to review the legality of the tribunal’s decisions.

“Too often, the government justifies intrusive surveillance powers by telling the public that ‘if you have nothing to hide, you have nothing to fear’. We throw that mantra back to the government: ‘If you have nothing to hide about your hacking, you have nothing to hide from our courts.’”

If PI loses the case it could be ordered to pay up to £25,000 of the government’s legal costs under a “protective costs order” that caps its liabilities. To pay for the challenge, the organisation has launched a crowdfunding appeal through the website CrowdJustice.

In its appeal, PI argues: “Hacking actually makes us less safe because it compromises the technology that is increasingly embedded into the fabric of our lives. By hacking our devices, the government is choosing to take advantage of security holes, which leaves us all more vulnerable to future cyber-attacks. By hacking, the government has deliberately chosen to make our technology less secure than it can be.”

Welcoming the IPT judgment in 2015, the then foreign secretary, Philip Hammond, said: “A proper balance is being struck between the need to keep Britain safe and the protection of individuals’ privacy.”

He added: “The ability to exploit computer networks plays a crucial part in our ability to protect the British public. Once again, the law and practice around our security and intelligence agencies’ capabilities and procedures have been scrutinised by an independent body and [have] been confirmed to be lawful and proportionate.”

quote:

U.K. Police Investigation of Snowden Leak Journalists Enters Fourth Year

A secretive British police investigation focusing on journalists who have worked with Edward Snowden’s leaked documents is still active more than four years after it was launched, The Intercept has learned.

The investigation – codenamed “Operation Curable” – is being led by a counter-terrorism unit within London’s Metropolitan Police, under the direction of the force’s chief of Specialist Operations, Mark Rowley. The Metropolitan Police confirmed the status of the investigation last week in response to a Freedom of Information Act request.

The disclosure that the probe remains active prompted criticism on Monday from the National Union of Journalists, the U.K.’s largest journalists’ organization. Sarah Kavanagh, a spokesperson for the group, said that news reports based on the Snowden documents had exposed unlawful covert surveillance activities in the public interest.

“The media are often the only group in society able to reveal the intelligence and security forces have exceeded their legitimate powers and remit,” Kavanagh said. “The Met Police should be condemned for keeping journalists under investigation because they worked on the Snowden leaks. The investigation should be halted immediately. Journalism is not a crime.”

The origins of the investigation can be traced back to May 2013, when National Security Agency contractor Snowden turned over a cache of classified documents about government surveillance to journalists including Intercept co-founder Glenn Greenwald, who was at that time working for British news organization The Guardian. Among the documents were details about mass surveillance programs operated by the U.K.’s largest spy agency, Government Communications Headquarters.

In August 2013, detectives from the Metropolitan Police used a counter-terrorism law to detain and interrogate David Miranda, Greenwald’s partner, while he was passing through London’s largest airport. Miranda was carrying a batch of encrypted Snowden documents to aid Greenwald’s reporting on the files. The police seized Miranda’s possessions – including a mobile phone, laptop, camera, and flash drives – and began a criminal investigation.

British authorities argued that publishing the Snowden files was itself a terrorist act, thereby explicitly conflating journalism with terrorism. Prior to Miranda’s arrival in London, a memo authored by the Metropolitan Police and domestic spy agency MI5 was circulated to U.K. border entry points. It asserted that “the disclosure [of the Snowden documents], or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism.”

In December 2013, one of the London force’s most senior officers, Cressida Dick, was questioned about the case during a parliamentary hearing. She acknowledged that the force’s investigation was looking at whether reporters at The Guardian had committed criminal offenses – some carrying potential 10-year prison sentences – for their role in revealing secret surveillance operations exposed in the documents. “We need to establish whether they have or haven’t [committed offences],” Dick said. “That involves a huge amount of scoping of material.”

Later, however, the Metropolitan Police attempted to keep all details about the case secret. In early 2015, the force refused to confirm or deny whether the investigation existed, and stated that revealing such details could help terrorists and be “detrimental to national security.” The force eventually backed down on this position and admitted the probe remained ongoing, following an intervention from the U.K.’s Information Commissioner’s Office, which enforces freedom of information laws in the country.

Given that the investigation has been active for more than four years, it appears likely that it has required a substantial amount of resources at a time when the Metropolitan Police has faced budget cuts and had to respond to a spate of terror attacks in London. The force has declined to provide any information about the amount of funds spent on the probe, or to disclose the number of officers working on it, insisting that it does not hold records of these details.

A spokesperson for the Metropolitan Police said in a statement that the investigation “was launched in order to protect life and national security.” The spokesperson added: “As would be as expected we do not put a time limit on an investigation, and the priority is that it is thorough and establishes all of the relevant facts. This is a complex investigation and enquiries continue. No arrests have been made to-date.”

Last year, a judge ruled that the U.K.’s counter-terrorism legislation did not sufficiently protect the rights of journalists, after Miranda sued the police for detaining him at the London airport. The judge found that Schedule 7 of the Terrorism Act – the power used to target Miranda and seize his possessions – was “not subject to adequate safeguards against its arbitrary exercise” and was “incompatible” with Article 10 of the European Convention on Human Rights, which protects the right to “receive and impart information and ideas without interference by public authority and regardless of frontiers.”

quote:

German government wants ‘backdoor’ access to every digital device: report

Germany’s Interior Minister wants to force tech and car companies to provide the German security services with hidden digital access to cars, computers, phones and more, according to a media report from Friday.

The RedaktionsNetzwerk Deutschland (RND) reported that Thomas de Maizière had written up a draft proposal for the interior minister conference, taking place next week in Leipzig, which he has called “the legal duty for third parties to allow for secret surveillance.”

According to the RND, the proposal would “dramatically extend” the state’s powers to spy on its citizens.

The Interior Minister has been motivated to propose a new law by the fact that it is becoming ever more difficult for the intelligence agencies to break through the security systems which protect privacy on digital devices.

For example, the modern locking systems on cars are so intelligent that they even warn a driver if their car is shaken a little bit. De Maizière wants the new law to ensure that these alerts would not be sent out to a car owner if the police determined it to be justified by their investigation.

But the parameters of the proposed law are reportedly much wider. De Maizière also wants the security services to have the ability to spy on any device connected to the internet. Tech companies would have to give the state "back door" access to private tablets and computers, and even to smart TVs and digital kitchen systems.

The security services would need the authorization of a judge to hack into any of these devices.

The proposal was met with astonishment by digital activists and politicians on Friday.

The draft law is “a frontal attack on the digital and physical security of all citizens,” Frank Rieger, spokesman for the Chaos Computer Club (CCC) told netzpolitik.org. “Access to the IT system of a car means danger to life and limb - it is a literal kill switch.”

“The Interior Minister's plans sounds like an Orwellian nightmare. Soon all flats in Germany will be equipped with devices which are potential wiretaps,” Konstantin von Notz, deputy faction leader of the Green Party, told Spiegel.

“We need to think really hard about the fact that we are a country with two dictatorships in its recent history. Do we want to live in a land where there is no privacy and where the state can interfere wherever it is technologically possible?” he asked.

quote:

UK mass digital surveillance regime ruled unlawful

Judges say snooper’s charter lacks adequate safeguards around accessing personal data

Appeal court judges have ruled the government’s mass digital surveillance regime unlawful in a case brought by the Labour deputy leader, Tom Watson.

Liberty, the human rights campaign group which represented Watson in the case, said the ruling meant significant parts of theInvestigatory Powers Act 2016 – known as the snooper’s charter – are effectively unlawful and must be urgently changed.

The government defended its use of communications data to fight serious and organised crime and said that the judgment related to out of date legislation. Minister Ben Wallace said that it would not affect the way law enforcement would tackle crime.

The court of appeal ruling on Tuesday said the powers in the Data Retention and Investigatory Powers Act 2014, which paved the way for the snooper’s charter legislation, did not restrict the accessing of confidential personal phone and web browsing records to investigations of serious crime, and allowed police and other public bodies to authorise their own access without adequate oversight.

The three judges said Dripa was “inconsistent with EU law” because of this lack of safeguards, including the absence of “prior review by a court or independent administrative authority”.

Responding to the ruling, Watson said: “This legislation was flawed from the start. It was rushed through parliament just before recess without proper parliamentary scrutiny.

“The government must now bring forward changes to the Investigatory Powers Act to ensure that hundreds of thousands of people, many of whom are innocent victims or witnesses to crime, are protected by a system of independent approval for access to communications data. I’m proud to have played my part in safeguarding citizens’ fundamental rights.”

Martha Spurrier, the director of Liberty, said: “Yet again a UK court has ruled the government’s extreme mass surveillance regime unlawful. This judgement tells ministers in crystal clear terms that they are breaching the public’s human rights.”

She said no politician was above the law. “When will the government stop bartering with judges and start drawing up a surveillance law that upholds our democratic freedoms?”

The Home Office announced a series of safeguards in November in anticipation of the ruling. They include removing the power of self-authorisation for senior police officers and requiring approval for requests for confidential communications data to be granted by the new investigatory powers commissioner. Watson and other campaigners said the safeguards were “half-baked” and did not go far enough.

The judges, headed by Sir Geoffrey Vos, declined to rule on the Home Office claim that the more rigorous “Watson safeguards” were not necessary for the use of bulk communications data for wider national security purposes.
The judges said the appeal court did not need to rule on this point because it had already been referred to the European court of justice in a case which is due to be heard in February.

Watson launched his legal challenge in 2014 in partnership with David Davis, who withdrew when he entered the government as Brexit secretary in 2016. The European court of justice ruled in December 2016 that the “general and indiscriminate retention” of confidential personal communications data was unlawful without safeguards, including independent judicial authorisation.

Security minister Ben Wallace responded to the ruling saying: “Communications data is used in the vast majority of serious and organised crime prosecutions and has been used in every major security service counter-terrorism investigation over the last decade. It is often the only way to identify paedophiles involved in online child abuse as it can be used to find where and when these horrendous crimes have taken place.”

He said the judgment related to legislation which was no longer in force and did not change the way in which law enforcement agencies could detect and disrupt crimes.

“We had already announced that we would be amending the Investigatory Powers Act to address the two areas in which the court of appeal has found against the previous data retention regime. We welcome the fact that the court of appeal ruling does not undermine the regime and we will continue to defend these vital powers, which Parliament agreed were necessary in 2016, in ongoing litigation,” he said.

quote:

UK has six months to rewrite snooper's charter, high court rules

Judges say Investigatory Powers Act is incompatible with EU law after legal challenge by Liberty

The British government must rewrite its mass data surveillance legislation because it is incompatible with European law, the high court has ruled.

Judges have given ministers and officials six months to redraft the 2016 Investigatory Powers Act, labelled the snooper’s charter by critics, following a crowdfunded challenge by the human rights group Liberty.

Ministers had already accepted that some aspects of the act do not comply with EU law and needed to be revised. They wanted until April next year to introduce new rules.

On Friday, however, Lord Justice Singh and Lord Justice Holgate said legislation must be drawn up by the start of November.

Lawyers for Liberty argued in February that the act violates the public’s right to privacy by allowing the storage of and access to internet data.

The government accepted the act was inconsistent with EU law because access to retained data was not limited to the purpose of combating “serious crime” and was not subject to prior review by a court or other independent body.

The case was the first stage of Liberty’s legal challenge against the act and was funded by supporters who raised more than £50,000.

The Home Office announced a series of new safeguards last year in anticipation of the ruling. They included removing the power of self-authorisation for senior police officers, and requiring approval for requests for confidential communications data to be granted by the investigatory powers commissioner. Liberty said the safeguards did not go far enough.

The group has launched another fundraising effort for the next stage of its case, which includes challenging rules on bulk interception of digital communications.

It argues that the powers to intercept communications in bulk and create files known as personal datasets undermine free speech, privacy and patient confidentiality, legal privilege and journalists’ sources.

Speaking after the ruling, Liberty’s director, Martha Spurrier, said: “Police and security agencies need tools to tackle serious crime in the digital age, but creating the most intrusive surveillance regime of any democracy in the world is unlawful, unnecessary and ineffective.”

The latest ruling follows an appeal court decision in January against previous surveillance rules in the 2014 Data Retention and Investigatory Powers Act, which expired at the end of 2016.

Three senior judges concluded that Dripa was inconsistent with EU law following a challenge by the Labour deputy leader, Tom Watson, and campaigners, who were supported by Liberty.

quote:

Omstreden databedrijf Cambridge Analytica stopt na Facebookschandaal

Cambridge Analytica gooit de handdoek in de ring en vraagt faillissement aan. Het bedrijf stopt na weken onder vuur te hebben gelegen over het misbruik van via Facebook verkregen data.

Het bedrijf sluit de deuren omdat Cambridge Analytica veel klanten verloor in de afgelopen weken. Daarnaast stapelden de juridische kosten in het Facebook-onderzoek zich op.

'Volledig onderzoek'

Halverwege maart werd ceo Alexander Nix op non-actief gesteld. Nix onthulde dat het bedrijf in het geheim meewerkte aan verkiezingscampagnes en deed uitspraken over de inzet van prostituees. Het bedrijf startte een ‘volledig, onafhankelijk onderzoek’.

Het databedrijf stelde zeer nauwkeurige dataprofielen op van miljoenen mogelijke kiezers. Die werden dan vervolgens bestookt met berichten via Facebook. Volgens Facebook heeft Cambridge Analytica daar in 2015 zonder toestemming gebruikersdata van het sociale netwerk voor toegepast, waarmee het vervolgens een voordeel had bij het bereiken van Amerikaanse kiezers.

'Ethisch juist gehandeld'

Zelf is het bedrijf zich - volgens een verklaring - van geen kwaad bewust. Het bedrijf stelt slachtoffer te zijn geworden van ongefundeerde beschuldigingen. "Onze activiteiten zijn niet alleen legaal, maar ook nog breed geaccepteerd als een standaardcomponent van online adverteren, zowel in de politieke als commerciële arena."

Het bedrijf stelt dat de werknemers ethisch en wettelijk juist hebben gehandeld, maar dat door de doorlopende aandacht van de media voor het schandaal, vrijwel alle klanten vertrokken zijn. Daarna is geconcludeerd dat het onhaalbaar was om door te gaan.

Storm over Facebook

Begin april meldde Facebook dat er privegegevens van ongeveer 87 miljoen gebruikers met het omstreden bureau gedeeld zijn. Na de onthullingen volgde een storm van kritiek op Facebook.

Facebook-topman Mark Zuckerberg moest veelvuldig excuses aanbieden en bezwoer dat gebruikersdata veilig is bij Facebook. Hij moest ook verschijnen voor een commissie van het Amerikaanse congres, wordt binnenkort nog verwacht bij het Europees Parlement en de Britten hebben aangegeven dat hij ook daar tekst en uitleg moet komen geven. De ex-ceo van Cambridge Analytica weigerde dat.

Facebook past voorwaarden aan

Naar aanleiding van het schandaal heeft Facebook nu zijn algemene voorwaarden bijgewerkt. De update is bedoeld om alles duidelijker en helderder te maken door eenvoudiger taal te gebruiken, stelt het bedrijf. Onlangs werden de privacy-instellingen ook al beter zichtbaar en werd het voor gebruikers simpeler om gegevens te wissen.

Werknemers van het bedrijf hoorden woensdag dat het voorbij was. Ze moesten hun computers inleveren. Ook SCL Group, de Britse afdeling van Cambridge Analytica, stopt ermee.

quote:

Britse inlichtingendienst werkte in strijd met mensenrechten

De bevoegdheden van de Britse inlichtingendiensten gingen te ver en waren in strijd met de mensenrechten. Dat oordeelt het Europees Hof voor de Rechten van de Mens. De uitspraak is een overwinning voor de burgerrechtenbewegingen en journalistenorganisaties die de zaak hadden aangespannen.

De zaak was aangespannen naar aanleiding van documenten die via de Amerikaanse klokkenluider Edward Snowden naar buiten werden gebracht. Daarin stond veel informatie over de handel en wandel van de Britse inlichtingendienst.

Het hof oordeelt dat inlichtingendiensten wel op grote schaal privé-informatie mogen verzamelen, maar dat er te weinig toezicht was.


Journalisten

Daarnaast was er ook te weinig aandacht voor het beschermen van vertrouwelijke informatie van journalisten. Er waren niet genoeg waarborgen om te garanderen dat die informatie veilig werd bewaard.

Op een ander punt vingen de klagers bot. Volgens het hof was er niets mis met de informatie-uitwisseling met andere landen.

Overigens gaat dit vonnis over een wet uit 2000. Inmiddels is de inlichtingenwet aangepast. Volgens de Britse regering is de privacy nu beter geregeld. Het Hof voor de Rechten van de Mens heeft daar niet naar gekeken en velde er dus geen oordeel over.

quote:

GCHQ data collection regime violated human rights, court rules

quote:

Jim Killock, executive director of Open Rights Group, said: “Viewers of the BBC drama the Bodyguard may be shocked to know that the UK actually has the most extreme surveillance powers in a democracy. Since we brought this case in 2013, the UK has actually increased its powers to indiscriminately surveil our communications whether or not we are suspected of any criminal activity. In light of today’s judgment, it is even clearer that these powers do not meet the criteria for proportionate surveillance and that the UK government is continuing to breach our right to privacy.”

quote:

Kritiek toezichthouder op uitvoering inlichtingenwet: 'Te veel is onrechtmatig'

Een halfjaar nadat de nieuwe, omstreden wet op de inlichtingendiensten is ingevoerd, gaat nog lang niet alles goed. Dat concludeert de toezichthouder, die tegelijk met de introductie van de nieuwe wet is opgericht.

In de afgelopen zes maanden trapte die toezichthouder een op de twintig keer op de rem. Het gaat daarbij om inlichtingendienst AIVD of MIVD die toestemming vraagt om bijvoorbeeld een mogelijke terrorist af te tappen of te hacken.

"Een op de twintig verzoeken is onrechtmatig, dat vinden wij te veel. We zijn nu niet tevreden, er waren behoorlijk wat problemen", zegt voorzitter Mariëtte Moussault van de Toetsingscommissie Inzet Bevoegdheden.

Voordat de commissie zich over een verzoek buigt, moet de minister van Binnenlandse Zaken of Defensie al zijn handtekening hebben gezet. Dat betekent dat die ministers dus hebben ingestemd met een hack of tap die volgens de onafhankelijke toezichthouder in strijd met de wet is.

'Aanloopproblemen'

Volgens de ministeries van Binnenlandse Zaken en Defensie gaat het om aanloopproblemen. "Er waren wat aanloopproblemen omdat het allemaal nieuw was, maar die zijn grotendeels opgelost", laat Binnenlandse Zaken weten in een reactie.

Die conclusie durft Moussault nog niet te trekken. "Dat is te kort door de bocht. Op sommige punten is er een voorzichtige positieve ontwikkeling. Ik hoop over een halfjaar te kunnen zeggen dat het inderdaad opstartproblemen waren." Volgens de toetsingscommissie zijn er nog een aantal "aandachtspunten" die moeten worden opgelost.

_{Sinds de eerste conceptversie van de nieuwe inlichtingenwet is er veel protest tegen de wet. Op een consultatie kwamen honderden reacties, en studenten van de Universiteit van Amsterdam wisten met ruim 400.000 handtekeningen een referendum af te dwingen. Bij het referendum stemde een kleine meerderheid van 49,5 procent van de stemmers tegen, 46,5 procent stemde voor. Het kabinet voerde de wet desondanks in, maar werkt nu aan wijzigingen om tegemoet te komen aan de kritiek.}

De verzoeken werden onder meer afgekeurd als de inlichtingendiensten iets wilden doen dat volgens de toezichthouder niet door de beugel kon. In andere gevallen was niet goed genoeg uitgelegd waarom een zogenoemde bijzondere bevoegdheid moest worden ingezet.

"Soms leggen de inlichtingendiensten bijvoorbeeld niet goed uit waarom er een tap moet worden geplaatst die ook een non-target treft", zegt Moussault. Een 'non-target' is iemand die niet het doelwit is van de inlichtingendienst, maar in dit geval wel wordt getroffen door bijvoorbeeld een internettap, zoals een huis- of echtgenoot. Op dat punt worden verzoeken inmiddels beter gemotiveerd.

Ook gebeurt het dat er te weinig technische informatie wordt gegeven over een geplande hackoperatie. "Zo'n hack levert ook risico's op voor het doelwit", zegt voorzitter Moussault. Daar wordt soms te weinig informatie over gegeven.

"Maar in andere gevallen vinden we simpelweg dat een hack of tap te ver gaat", zegt Moussault. Om welke redenen verzoeken het meest worden afgekeurd, is onbekend.

Niet alleen werden er verzoeken afgekeurd: een op de tien verzoeken van de AIVD werd bovendien niet direct beoordeeld, omdat de toetsingscommissie te weinig informatie kreeg om tot een goed oordeel te komen. In die gevallen werd het ministerie om meer informatie gevraagd. In een klein aantal gevallen besloten de diensten om een verzoek in te trekken nadat er om meer informatie werd gevraagd.

Statistieken gecensureerd

Hoe vaak de inlichtingendiensten een verzoek tot tappen of hacken indienen, is niet bekend. De toetsingscommissie wilde dat bekendmaken, maar werd teruggefloten door het ministerie. In een rapport dat vanmiddag naar de Tweede Kamer wordt verzonden, zijn de statistieken weggelakt. Volgens de ministeries zijn de statistieken staatsgeheim.

De cijfers mogen wel worden vrijgegeven bij het jaarverslag van de toetsingscommissie, dat volgend jaar wordt gepubliceerd. Volgens de inlichtingendiensten geven de statistieken te veel prijs voor kwaadwillenden als ze op halfjaarlijkse basis worden vrijgegeven

"Wij hanteren het principe dat we zo transparant mogelijk willen zijn", zegt Moussault van de toezichthouder. "Maar het is uiteindelijk aan de ministers om te bepalen wat wel en niet openbaar wordt."

Grootschalige hacks

Moussault en haar collega's verbazen zich ook over de regels rond grootschalige hacks. Na kritiek op de nieuwe tapbevoegdheden voor de inlichtingendiensten - door de tegenstanders een 'sleepnet' genoemd - kwamen daarvoor extra waarborgen. Zo moeten de geheime diensten opnieuw toestemming vragen als ze afgetapte datasets willen bekijken.

Maar dat is niet zo bij grootschalige hacks, waarbij grote hoeveelheden gegevens kunnen worden buitgemaakt. Daar kunnen de inlichtingendiensten in struinen zonder dat ze opnieuw om toestemming hoeven te vragen. Volgens voorzitter Moussault komt dat in de praktijk voor. "Het verschijnsel is ons opgevallen", zegt ze.

Of de wet moet worden aangepast, is niet aan de toetsingscommissie, zegt ze. "Maar we snappen niet waarom er in de wet een verschil is tussen de toestemming voor grootschalige hacks en taps."

quote:

GCHQ boosts powers to launch mass data hacking

Expanded intelligence gathering is ‘a grave threat’ warn rights groups

The UK’s intelligence agencies are to significantly increase their use of large-scale data hacking after claiming that more targeted operations are being rendered obsolete by technology.

The move, which has alarmed civil liberty groups, will see an expansion in what is known as the “bulk equipment interference (EI) regime” – the process by which GCHQ can target entire communication networks overseas in a bid to identify individuals who pose a threat to national security.

A letter from the security minister, Ben Wallace, to the head of the intelligence and security committee, Dominic Grieve, quietly filed in the House of Commons library last week, states: “Following a review of current operational and technical realities, GCHQ have … determined that it will be necessary to conduct a higher proportion of ongoing overseas focused operational activity using the bulk EI regime than was originally envisaged.”

The expansion of EI is likely to prove highly controversial.

“The bulk equipment interference power permits the UK intelligence services to hack at scale by allowing a single warrant to cover entire classes of property, persons or conduct,” explained Scarlet Kim, legal officer at Privacy International, which has taken the government to court over GCHQ’s hacking activities abroad. “It also gives nearly unfettered powers to the intelligence services to decide who and when to hack.”

Potential targets can be extremely large, Kim suggested. “Hacking presents unique and grave threats to privacy and security,” she said. “It’s not just directed at computers and phones, but can target communications networks and their underlying infrastructure, permitting surveillance against whole groups or countries, or across numerous jurisdictions.”

When the government was piloting the Investigatory Powers Act through parliament two years ago, Lord Anderson, the government’s independent reviewer of terrorism legislation, stated in his Report of the Bulk Powers Review that “Bulk EI [equipment interference] is likely to be only sparingly used”.

However, the intelligence services claim that the widespread use of encryption means that targeted hacking exercises are no longer effective and so more large-scale hacks are becoming necessary. Anderson’s review noted that the top 40 online activities relevant to MI5’s intelligence operations are now encrypted.

“This is really alarming to hear because at the time [when the legislation was passing through parliament] there were really robust assurances that these would be sparingly used,” said Hannah Couchman, policy and campaigns officer at Liberty. “Something that was the exception is moving towards the norm and that’s deeply problematic for us.”

Wallace’s letter concedes that the intelligence agencies will not be able to determine some of the consequences of a bulk hacking exercise, claiming: “It is not always possible to adequately foresee the extent of all interferences with privacy to a sufficient degree … at the point of issue of a warrant.”

Instead, the investigatory powers commissioner will be able to make an assessment of the warrant’s impact after the hack has taken place. “This is too little, too late,” said Couchman, who questioned whether the expansion of bulk equipment interference would see more intelligence being traded with other countries, in return for information they have gathered on UK citizens.

“The fact that you have the review only after the privacy has been infringed upon demonstrates how worrying this situation is,” Couchman added. “With bulk powers, the state can hoover up and keep enormous quantities of data about an enormously wide range of people. Bulk equipment interference powers allow a broad range of hacking activities, including accessing computers and mobile phones. Imagine what the average person has on their devices.”

A government spokesman said: “Equipment interference is subject to the world-leading oversight of the investigatory powers commissioner and any bulk equipment interference warrant must be approved by an independent judicial commissioner before it can be issued.”

quote:

Apple and WhatsApp condemn GCHQ plans to eavesdrop on encrypted chats

GCHQ ‘ghost protocol’ would seriously undermine user security and trust, says letter

A GCHQ proposal that would enable eavesdropping on encrypted chat services has been condemned as a “serious threat” to digital security and human rights.

In an open letter signed by more than 50 companies, civil society organisations and security experts – including Apple, WhatsApp, Liberty and Privacy International – GCHQ was called on to abandon its so-called “ghost protocol”, and instead focus on “protecting privacy rights, cybersecurity, public confidence, and transparency”.

The proposal was first mooted by two senior intelligence officials, Ian Levy, the technical director of the UK’s national cyber security centre, and Crispin Robinson, head of cryptanalysis (the technical term for codebreaking) at GCHQ, in November 2018.

The pair put forward a technique that would avoid breaking encryption, instead requiring encrypted messaging services to – in effect – “cc” the encrypted message to a third recipient, at the same time as sending it directly. Levy and Robinson argued that the proposal was “no more intrusive than the virtual crocodile clips” which are used today in wiretaps of non-encrypted communications.

Opposing the plan, the letter argues that “to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust.

“First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

“Second, in order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.”

While GCHQ’s proposal stops short of calling for “back doors” to encryption, which experts have argued inherently introduce security flaws that can be exploited by hackers, its opponents argue that it does almost as much damage by undermining trust in security altogether.

“The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process,” the letter argues.

Replying, the NCSC’s Ian Levy said: “We welcome this response to our request for thoughts on exceptional access to data - for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.

“We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.”

Apple, one of the signatories to the letter, is no stranger to this argument. The company endured a widely publicised standoff with the FBI in 2015 and 2016 over the company’s refusal to breach a different sort of encryption, that which protects the contents of a locked iPhone. Eventually, the FBI backed down, finding another way into the device without Apple’s help.

quote:

Australian Police Raid Journalist’s Home Over Surveillance Article

SYDNEY, Australia — The Australian authorities on Tuesday searched the home, computer and cellphone of a journalist who wrote an article last year detailing top-secret correspondence between government ministries over a plan to allow intelligence agencies to surveil Australian citizens.

The journalist, Annika Smethurst, the political editor for The Sunday Telegraph of Sydney, which is one of Australia’s most-read newspapers, was in her home in Canberra, the capital, on Tuesday morning when Australian Federal Police officers arrived with a warrant to search her house and belongings.

The police said in a statement that the warrant was related “to the alleged publishing of information classified as an official secret, which is an extremely serious matter that has the potential to undermine Australia’s national security.” The police added that no arrests were “expected today as a result of this activity.”

It was believed to be the first such action against an Australian journalist in more than a decade. The Australian union for journalists, the Media, Entertainment and Arts Alliance, called the raid “an outrageous attack on press freedom.”

“Australians are entitled to know what their governments do in their name,” the union’s president, Marcus Strom, said in a statement. “That clearly includes plans by government agencies to digitally spy on Australians by hacking into our emails, bank accounts and text messages.”

It is against the law in Australia for government officials to disclose classified or secret information. That allows the police to investigate leaks to journalists.

The Rupert Murdoch-owned News Corp. Australia, the parent company of The Sunday Telegraph, said that Ms. Smethurst had complied with the warrant. News Corp. called the raid “outrageous and heavy handed.”

“This raid demonstrates a dangerous act of intimidation towards those committed to telling uncomfortable truths,” the company said in a statement. “What’s gone on this morning sends clear and dangerous signals to journalists and newsrooms across Australia. This will chill public interest reporting.”


In April 2018, Ms. Smethurst reported that a top-secret proposal to expand the powers of the Australian Signals Directorate, the equivalent of the National Security Agency in the United States, was to be submitted for ministerial approval. She wrote that the proposal would allow “cyber spooks to target onshore threats without the country’s top law officer knowing.”

In the article, she quoted Mike Pezzullo, then the secretary of the Department of Home Affairs, as advocating “further legislative reform” to help law enforcement agencies combat “online, cybercrime and cyber-enabled criminal threats facing Australia.”

Under current law, the signals directorate cannot gather intelligence on Australian citizens. But the Australian Federal Police and the Australian Security Intelligence Organization, the country’s domestic spy agency, have the power to do so with a warrant. They can also turn to the signals directorate for technical guidance.

Since the article was published, there has been no formal government proposal for legislative amendments on the issue.

While the police are allowed to investigate leaks to journalists, members of the media do have some recourse. Legislation passed in recent years gives journalists protection from having to disclose their sources. But courts can decide that the public interest in learning the identities of sources outweighs any adverse effect of disclosure.

quote:

Barr says the US needs encryption backdoors to prevent “going dark.” Um, what?

"The FBI says they're 'going dark.' Well yeah, because they've been staring at the sun."

On July 23, in a keynote address at the International Conference on Cyber Security at Fordham University, US Attorney General William Barr took up a banner that the Justice Department and Federal Bureau of Investigation have been waving for over a decade: the call for what former FBI director James Comey had referred to as a "golden key."

Citing the threat posed by violent criminals using encryption to hide their activities from law enforcement, Barr said that information security "should not come at the expense of making us more vulnerable in the real world." He claimed that this is what is happening today.

"Service providers, device manufacturers, and application developers are developing and deploying encryption that can only be decrypted by the end user or customer, and they are refusing to provide technology that allows for lawful access by law enforcement agencies in appropriate circumstances," Barr proclaimed.

And this, he said, was making it increasingly difficult for law enforcement to surveil criminal activity. This blindspot is what also was allowing criminals to make their information and communications "warrant proof... extinguishing the ability of law enforcement to obtain evidence essential to detecting and investigating crimes," and allowing "criminals to operate with impunity, hiding their activities under an impenetrable cloak of secrecy."

In other words, the lawful surveillance capabilities of the government are "going dark," according to AG Barr.

"The net effect is to reduce the overall security of society," he continued. "I am here today to tell you that, as we use encryption to improve cybersecurity, we must ensure that we retain society's ability to gain lawful access to data and communications when needed to respond to criminal activity." AG Barr closed by saying that US citizens should accept encryption backdoors because backdoors are essential to our security.

In response, Gen. Michael Hayden, former director of the National Security Agency, said, "Not really."

Regardless of the accuracy of Barr's claims, encryption is certainly far more prevalent than it was even five years ago—back when freshly minted memoirist Edward Snowden gave the world a look at the workings of US intelligence agencies' digital surveillance capabilities. For better or worse, Snowden's data dump continues to shake up not just the world's view of communication privacy—it upended the world's view of information security in general.

Snowden's impact on the de jure of mass surveillance was perhaps less than he would have hoped for. But his revelations had wide-ranging effects on the tech industry and on the development of Internet and security standards. While Snowden opened up a dialogue about intelligence policy, "some of the most significant reforms were technical, not legal."

That's according to Ben Wizner of the American Civil Liberties Union, who has acted as Snowden's attorney. "The proliferation of encryption was rapidly accelerated," he says. "And the Internet is more secure today than it was in 2013. Technology companies realized that they had been operating under the wrong threat model."

After Snowden, Internet and technology firms could no longer ignore the threat posed by state-funded actors to their customers, said Mark Rumold, senior staff attorney at the Electronic Frontier Foundation (EFF). He went on:

. Companies recognized guarding against state surveillance is a bottom line issue for them... It is a question of financial interest to these companies to be able to convince their users that their data is secure with them, so we saw a lot of companies take steps to roll out encryption in various ways and I think that there's no question that this enhances security and privacy.

Just how much those steps have hindered legal surveillance and investigation—attempts by law enforcement and intelligence agencies operating under the authority of a court-approved warrant—is in dispute. As information security professional Robert Graham pointed out in a recent blog post, there is no evidence of a surge in crime corresponding to the use of encryption. Such claims, he says, are "based on emotional anecdotes rather than statistics."

Even allegedly hard data presented by the government has been routinely inflated. In December 2017, FBI Director Christopher Wray claimed in Congressional testimony that, in the 2017 fiscal year, the bureau "was unable to access the content of approximately 7,800 mobile devices" using available tools. Wray made this proclamation a year after the government's highly public battle over encryption with Apple in the wake of the tragedy in San Bernardino, California. But that figure was vastly larger than the 880 devices the FBI had cited a year before, and a Washington Post investigation found that the number of inaccessible devices in 2017 was actually about 1,200 according to an FBI internal estimate.

So, is surveillance really "going dark"? Or is this, as Graham suggested, "a Golden Age of Surveillance," where even more privacy is required? Joseph Lorenzo Hall, Chief Technologist at the Center for Democracy and Technology (CDT), leans toward the latter.

"The FBI says they're 'going dark'," Hall told Ars. "Well yeah, because they've been staring at the sun."

Fixing overexposure

Much of the Internet has become more secure over the past five years. The Snowden revelations may not have directly caused the rise of secure Web protocols, but they sure helped motivate protocol development. While the threat of a "global observer" on the Internet had been theorized before Snowden, his evidence of that sort of capability immediately triggered a response from the technical community.

"The engineering community took the succession of Snowden revelations really seriously," Hall told Ars. Just 11 months after the first of the leaks, the Internet Engineering Task Force put out RFC 7258, "stating that pervasive monitoring is an attack," Hall noted.

To be fair, the Internet in 2014 had practically nowhere to go but up in terms of protecting privacy. Almost all of the fundamental building blocks of the Internet were, at the time, "almost completely insecure" since their creation, Hall explained. That's "because we were experimenting with them. And now we're retroactively having to go back and put security back on."

That shift in perception of the threat of mass surveillance was followed by significant improvements in securing Web traffic. That included much more security-focused operations at major Internet service providers. Two particular changes were accelerated by the Snowden revelations: adoption of secure HTTP (HTTPS) and TLS encryption by major Internet services, and the development of Transport Layer Security (TLS) 1.3.

HTTPS has had the biggest effect so far, and the changes in TLS will further close the door on surveillance. In 2013, less than 30% of Web traffic was encrypted, and less than 10% of websites supported secure connections. By 2017, more than half of the Web supported HTTPS, and today over 70% of Web traffic is encrypted, based on data from Google and Let's Encrypt. As of April 2019, 91% of webpages visited by US users were secured. Internationally, about 85% of webpages visited were encrypted.

Adoption of encryption for email traffic—both between client and server and from provider to provider—also grew dramatically as a direct result of the Snowden revelations. In early 2014, only about a quarter of the email traffic between Google and other providers was encrypted. Now, it's over 75%.

The adoption of encryption has had major implications for both the intelligence community and law enforcement, at least in terms of "traditional" Internet traffic. Much of the metadata we examined in our 2014 project with NPR that was usable for surveillance by the NSA's XKeyscore system has become much less accessible. We re-staged the tests recently, using ourselves as the victim. Many of the identifiers and other content we were able to pick out of passive traffic collection in 2014 have been dramatically reduced. That isn't to say that they're gone—they're just concealed within encrypted HTTPS and TLS traffic now, at least for standard Web and email traffic.

This practical consideration may be directly responsible for the NSA dropping "about" collection (searching the contents of traffic for communications that mention specific keywords or identifiers for persons of interest). But there are still other ways to gather surveillance data from Internet traffic that won't be going dark any time soon.