Monitoring NSA in de VS en erbuiten, deel 9

quote:

Laat minister Plasterk zijn 'Big Brother'-wet inslikken

quote:

Nederland dreigt uit de bocht te vliegen met het massaal bespioneren van zijn burgers. Slecht plan.
^{Door: Menso Heus, 'technology officer' en expert internetveiligheid bij Free Press Unlimited}

quote:

Met toestemming van de minister mogen de diensten voortaan al onze communicatie bespieden en analyseren: telefoonverkeer, e-mail, websites die we bezoeken, enzovoort. Dit alles, zonder dat we ook maar ergens van worden verdacht. De gegevens worden tot wel drie jaar bewaard en kunnen worden uitgewisseld met buitenlandse geheime diensten.

De wetgever vermijdt het woord angstvallig, maar het gaat hier klip en klaar om 'massa surveillance' van het type zoals Edward Snowden dat onthulde. In plaats van ons hiertegen te beschermen, wil de Nederlandse overheid er nu zelf gebruik van kunnen maken.

Het ongericht aftappen van de communicatie van onschuldige en onverdachte burgers is echter in strijd met de Grondwet, het Europees Verdrag voor de Rechten van de Mens, het Internationaal Verdrag inzake Burgerrechten en Politieke Rechten en jurisprudentie van het Europees Hof voor de Rechten van de Mens. Ook staat het haaks op de Universele Verklaring van de Rechten van de Mens van de VN.

quote:

Labour did too little to safeguard civil liberties, says Yvette Cooper

quote:

Labour leadership contender Yvette Cooper has issued a mea culpa over the last Labour government’s attitude towards civil liberties, saying it did not do enough to keep the state’s surveillance powers in check. In the latest sign of candidates trying to draw a line under the past, the shadow home secretary criticised the governments of Tony Blair and Gordon Brown for being “too reluctant to introduce checks and balances as strong as new terrorism powers”.

Both the Labour and Conservative parties also ignored the inadequacy of laws governing interception of communications – the Regulation of Investigatory Powers Act (Ripa) – for too long, she added.

Cooper told the Guardian that better protection of civil liberties would become a policy if she is elected as Labour’s leader next month. She said she would make it a priority to “break up concentrations of power” and launch a review of privacy in relation to private sector companies that hold a huge amount of personal data.

quote:

Super Stream Me stopt. Tim en Nicolaas waren er helemaal klaar mee

quote:

Het duurde precies 15 dagen, 1 uur en 25 minuten voordat Tim den Besten en Nicolaas Veul het beu waren hun leven live te streamen. De jongens droegen dag en nacht een camera bij zich en deelden hun leven met de rest van de wereld. Op de site van Super Stream Me zag je hun hartslag, exacte locatie en gemoedstoestand. We konden alles over ze te weten komen: hun telefoonnummer, bankgegevens en of ze masturbeerden.

quote:

Veul zag het als zijn werk om als televisiemaker de vraag te stellen waar hij oprecht nieuwsgierig naar was. “Dan moet je niet schromen om zelf met de billen bloot te gaan.” En dat deden ze. Letterlijk en figuurlijk. Nu is de koek op, de mannen zijn uitgeput, willen niet meer en kappen ermee.

quote:

Vooral het niet alleen kunnen zijn en daardoor geen rust hebben brak Den Besten op. “Dat heb ik nodig. Ik heb geleerd dat het heel belangrijk is om niet altijd gezien te worden. Gewoon in je raam te kunnen zitten en naar buiten te kijken.” Veul heeft een groot besef van privacy uit dit experiment gehaald. “Er is een quote van Snowden die zegt: ‘privacy gaat niet om wat je te verbergen hebt, maar om wat je te beschermen hebt’. Dat weet ik nu heel goed.”

quote:

'Deal over doorgifte data Europeanen aan VS is ongeldig'

quote:

Nationale toezichthouders zijn niet gebonden aan een beschikking van de Europese Commissie dat gegevens van Europeanen naar de VS gestuurd mogen worden omdat ze daar voldoende beschermd worden. Ze mogen die verzending opschorten, luidt een advies aan het Hof van Justitie van de Europese Unie (HvJEU).

quote:

De advocaat-generaal van het Europees Hof van Justitie schrijft in zijn advies zelfs dat de desbetreffende beschikking ongeldig is. Het HvjEU neemt het advies van de advocaat-generaal vrijwel altijd over. De zaak is aanhangig gemaakt door een Oostenrijker die er bezwaar tegen maakte dat de Ierse dochteronderneming van Facebook zijn gegevens doorspeelde aan servers in de Verenigde Staten. Hij betoogde dat de Snowden-onthullingen hadden aangetoond dat zijn data daar niet in veilige handen waren.

De Ierse toezichthouder wees het bezwaar van de hand met een verwijzing naar de beschikking van de Europese Commissie van 2002 over de Safe Harbour-afspraken, die zouden waarborgen dat de VS een voldoende niveau van bescherming van persoonsgegevens biedt. De zaak ging naar het High Court of Ireland, dat vervolgens van het HvJEU wilde weten of nationale autoriteiten zelf de mate van bescherming nog mogen onderzoeken en zo nodig de gegevensverstrekking mogen opschorten.

quote:

“Snowden Treaty” Calls for End to Mass Surveillance, Protections for Whistleblowers

Inspired by the disclosures of NSA whistleblower Edward Snowden, a campaign for a new global treaty against government mass surveillance was launched today in New York City.

Entitled the “The International Treaty on the Right to Privacy, Protection Against Improper Surveillance and Protection of Whistleblowers,” or, colloquially, the “Snowden Treaty,” an executive summary of the forthcoming treaty calls on signatories “to enact concrete changes to outlaw mass surveillance,” increase efforts to provide “oversight of state surveillance,” and “develop international protections for whistleblowers.”

At the event launching the treaty, Snowden spoke via a video link to say that the treaty was “the beginning of work that will continue for many years,” aimed at building popular pressure to convince governments to recognize privacy as a fundamental human right, and to provide internationally-guaranteed protections to whistleblowers who come forward to expose government corruption. Snowden also cited the threat of pervasive surveillance in the United States, stating that “the same tactics that the NSA and the CIA collaborated on in places like Yemen are migrating home to be used in the United States against common criminals and people who pose no threat to national security.”

The treaty is the brainchild of David Miranda, who was detained by British authorities at Heathrow airport in 2013, an experience that he described as galvanizing him towards greater political activism on this issue. Miranda is the partner of Glenn Greenwald, a founding editor of The Intercept who received NSA documents from Snowden. Authorities at Heathrow seized files and storage devices that Miranda was transporting for Greenwald. (The Press Freedom Litigation Fund of First Look Media, the publisher of the Intercept, is supporting Miranda’s lawsuit challenging his detention.)

Along with the activist organization Avaaz, Miranda began working on the treaty project last year. “We sat down with legal, privacy and technology experts from around the world and are working to create a document that will demand the right to privacy for people around the world,” Miranda said. Citing ongoing efforts by private corporations to protect themselves from spying and espionage, Miranda added that “we see changes happening, corporations are taking steps to protect themselves, and we need to take steps to protect ourselves too.”

The full text of the treaty has yet to be released, but it is envisioned as being the first international treaty that recognizes privacy as an inalienable human right, and creates legally-mandated international protections for individuals who are facing legal persecution for exposing corruption in their home countries. Its proponents hope to build momentum and convince both governments and multi-national organizations to adopt its tenets. Since the Snowden revelations there has been increasing public recognition of the threat to global privacy, with the United Nations announcing the appointment of its first Special Rapporteur on this issue in March, followed by calls for the creation of a new Geneva Convention on internet privacy.

Greenwald also spoke at the event, saying, “This campaign offers the opportunity to put pressure on governments to adopt a treaty that pushes back against mass surveillance, and also makes clear that individuals who expose corruption should not be subject to the retribution of political leaders.” Adding that many governments that make a show of supporting the dissidents of other countries tend to persecute their own whistleblowers, Greenwald added, “We need a lot of public pressure to say that mass surveillance should end, and that people who expose corruption should be entitled to international protections.”

Bron: theintercept.com

quote:

Privacy-folders met drone boven NSA-complex gedropt

quote:

Een gebouw van de geheime dienst loop je niet zomaar binnen. Toch wilden privacy-activisten het personeel in zo'n ondoordringbaar fort heel graag iets zeggen. Hun oplossing was een drone, die maandag duizenden flyers uitstrooide boven het Dagger Complex in het Duitse Darmstadt, een Amerikaanse militaire basis met een Europese vestiging van de NSA. Erop stond één simpele vraag: 'Klaar om je baan op te zeggen?'

quote:

Hof: Facebookdata Europeanen onvoldoende beschermd

quote:

De rechtszaak werd in augustus vorig jaar aangespannen tegen Facebook door de Oostenrijkse student en activist Max Schrems. Hij heeft sinds 2008 een account op Facebook en stapte naar de rechter na de onthullingen van Edward Snowden. Hieruit bleek dat Amerikaanse geheime diensten op grote schaal het internet 'afluisteren'.

quote:

NSA can break into encrypted Web and VPN connections due to a commonplace cryptographic mistake

Two researchers have found that the National Security Agency (NSA) of USA could have the technology to break into the 1024 bit Diffie-Hellman cryptographic key exchange due to a commonplace weakness. This means that NSA could be able to peer into a large amount of encrypted communications.

The researchers noted that one single prime is used to encrypt two-thirds of all virtual private networks (VPNs) and a quarter of secure shell (SSH) servers globally, two major security protocols used by a number of businesses. A second prime is used to encrypt “nearly 20 [percent]of the top million HTTPS websites.” This is a commonly used way of keeping data indecipherable for anyone except its intended recipient – almost anyone, that is.

“Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous,” researchers Alex Halderman and Nadia Heninger wrote in a blog post published Wednesday. “Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.”

The problem is that many of these 1024-bit prime numbers are reused because of how (previously) inconceivably expensive it would be to break them. As noted above, the researchers found that one single prime number is used to encrypt two-thirds of all VPNs and a quarter of all SSH servers, two security measures used by businesses globally. Another is used to encrypt 18 percent of the “top million HTTPS websites.” That means that a single instance of the aforementioned year-long cracking effort could give the NSA access to all of this information.

“This isn’t a flaw in a particular protocol, it’s a property of the math [that]underlies Diffie-Hellman, which is part of the foundation of almost every important cryptographic protocol we use,” Halderman said. “It’s certainly not an overnight [fix]. One of the problems is that the standards behind any important protocols like the IPsec VPN protocol specify that everyone will use these particular primes that by virtue of being so lightly used are made weaker. I think it’s going to be years unfortunately before standards and implementations are widely updated to account for this threat.”

Bron: www.techworm.net

quote:

Facebook will warn you if the government is hacking your profile

A hacker or spammer can do some serious damage to your Facebook account — but what about the watchful eye of the government over your private messages?

Facebook said it will begin warning users if it detects a user's account is being targeted or compromised by a nation-state or a state-sponsored actor.

See also: What the massive government breach means for your personal data

"While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored," Facebook's Chief Security Officer Alex Stamos wrote in a blog post on Saturday. "We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts."

When Facebook has strong evidence that a government is intruding on a user's Facebook account, the company will send this warning:



Stamos added that Facebook likely won't be able to provide any additional explanation as to why it suspects a users's account has been targeted, but the message doesn't mean Facebook as a whole has been compromised. He also doesn't single out any particular state or government in the blog post.

If you receive the message above, you should enable two-factor authentication, which is under Login Approvals on Facebook. Stamos further suggests that users should "rebuild or replace" their computer system, as it's likely to be infected by malware.

In Facebook's last transparency report from November 2014, the company revealed that government requests for Facebook user data in the first half of 2014 increased 24% from the second half of 2013. However, those are formal requests, so they do not include attempts by governments or government-sponsored agents to obtain users' information without permission. It's difficult to estimate how often those incidents occur, though the mere fact that Facebook is now warning users about such attempts suggests they are not uncommon.
Bron: mashable.com

quote:

Investigatory powers bill: snooper's charter to remain firmly in place | World news | The Guardian

Legislation will enshrine security services’ licence to hack, bug and burgle their way across the web – with judicial oversight still to be determined


The key elements of the snooper’s charter, including the bulk collection and storage for 12 months of everyone’s personal data, tracking their use of the web, phones and social media, will remain firmly in place when the government publishes its new investigatory powers bill on Wednesday.

The legislation, to be introduced by the home secretary, Theresa May, will provide the security services with an explicit licence to “snoop on the web” for the first time.

Until the disclosures of the whistleblower Edward Snowden, these powers and mass surveillance programmes remained hidden in the complex undergrowth of the pre-digital age Regulation of Investigatory Powers Act 2000 (Ripa) and other arcane surveillance laws.

The new, comprehensive, surveillance legislation will provide the security services and police with access to personal web and phone data using bulk-collection powers and will also put on a fresh legal footing spies’ mass computer hacking, known as “computer network exploitation”.

Related: Lord Carlile criticises proposals for judges to approve spying warrants

In the runup to the bill’s publication May has made much of having removed some of the more contentious elements from her previous attempt to introduce the snooper’s charter in parliament, which was blocked by her Liberal Democrat coalition partners. So is this week’s new surveillance law a climbdown or is it still a snooper’s charter?

Internet and phone companies are expected to be required to keep the communications data of all their customers’ use of the web, their phones and social media for 12 months. This is not the content, which has to be authorised by a ministerial intercept warrant, but the who, what, where and when of everyone’s use of the web.

It is often the case that the “who sent what to whom from where” can be more useful to the security services and police than the actual content of messages because it can tell them a lot about an individual’s life, and represents hard evidence.

It is easy to lie in the writing of an instant message but far harder to lie over when and to whom it was sent. This is reflected in the fact that communications data can be used as evidence in court while information obtained via interception is not admissible and can only be used for intelligence.

The Home Office will pay the internet and phone companies an as-yet unspecified (but no doubt large) sum to store this data and to provide access to the security services and the police according to specified regimes.

The security and intelligence services will use the bulk collection of personal internet data by the web and phone companies as the basis of GCHQ’s powerful data-mining programs to generate intelligence data.

Related: Don’t be fooled by spook propaganda: the state still wants more licence to pry | Henry Porter

It is the activity of the hundreds of such programs that campaigners say amounts to the snooper’s charter invasion of privacy.

The police, who make the bulk of the 500,000 external requests for communications data each year, have a separate regime with approval at inspector or superintendent level depending on the kind of data being requested for use in crime investigations. This includes terrorism investigations but also stalking and missing persons cases.

The bill is expected to add a category of internet connection records that will allow the police to trace which websites a suspect has visited, but not the content of pages. This is expected to require judicial authorisation, which is likely to be in the form of a panel of specially trained retired judges and requests will have to be targeted and limited.

They may also be required to authorise police requests for the communications data of journalists, lawyers or other legally privileged professions.

A further 40 public bodies also get different levels of access but often will need a magistrate’s authorisation. But the vast majority of the 500,000 requests made each year will continue as now without the need for a judicial or ministerial warrant.

The home secretary has given up trying to force overseas web companies to meet British requests to hand over their customers’ data. She has also dropped her plan to get UK-based companies to keep “third party” data that passes over their networks if the US companies refused to cooperate.

Instead, May has decided to rely on the recommendations of Sir Nigel Sheinwald, the former British ambassador to Washington, who earlier this year told the government that the only way to solve this problem was to negotiate a new treaty with the US to secure a rapid response to requests.

When the prime minister visited Washington earlier this year he gave the impression that he wanted to ban encryption on the web, arguing that there should be no safe space for terrorists or paedophiles. Ministers have ruled out for now any such ban or restriction on encryption, which would have severely undermined Britain as a global business centre.

The bill will enshrine the security services’ licence to hack, bug and burgle their way across the web. Britain’s security services only officially admitted that they had worldwide powers to attack computers this year.

As a result of a court case, an innocuous-sounding “draft equipment interference code of practice” was published by the Home Office. This put into the public domain the rules and safeguards surrounding the use of computer hacking outside the UK by the security services for the first time.

Privacy campaigners said the powers outlined in the draft guidance detailed the powers of intelligence services to sweep up content of a computer or smartphone, listen to their phone calls, track their locations or even switch on the microphones or cameras on mobile phones. The last would allow them to record conversations near the phone or laptop and snap pictures of anyone nearby.

Theresa May faces strong parliamentary opposition to continued ministerial authorisation of the 2,400-a-year intercept warrants she currently signs. She has already offered a two-stage compromise by floating the idea of a judicial veto on her authorisations. She is also expected to announce that the fragmented system of five separate oversight commissioners is replaced with a single investigatory powers commissioner, who would be a senior judge, to hold the security services and police to account.

Bron: www.theguardian.com

quote:

My work at GCHQ and the surveillance myths that need busting | Comment is free | The Guardian

In a first for the Guardian, a GCHQ officer writes about its investigatory powers in the wake of the publication of Theresa May’s proposed new measures


Many words about GCHQ have appeared over the last two years – but rarely have they been GCHQ’s own words. We welcome the debate now under way in parliament and among the public about our work. We need public consent for what we do – we wouldn’t want to do our jobs without it. We want the debate to be informed by facts, not half-understood inferences. We do not expect to persuade everyone to support what we do, but GCHQ certainly does bear a responsibility to make sure the discussion about us is based in reality. I want to cover two particular topics frequently misunderstood: bulk interception and encryption.

The draft bill published on Wednesday responds to three independent reviews carried out into investigatory powers. The reviews were unanimous in their agreement that the powers currently available to the intelligence and security services remain essential. And while the courts have recently confirmed that the bulk interception regime was lawful, the reviewers concluded that the legal framework needed updating. We are confident that the draft bill places our powers on a clearer footing and strengthens safeguards and oversight to a world-leading standard.

The draft bill also enables GCHQ and our sister agencies to meet the challenges of technological advances. As the internet grows exponentially, and smartphones create an explosion in information, increasingly tech-savvy criminals and terrorists attempt to hide in the mass of data and the dark recesses of the web.

Our best – often our only – chance to detect them is to search and analyse datasets in which they might be found. All major UK counter-terrorism investigations of the last decade have relied on analysis of data collected at scale to understand and disrupt the threat. This is particularly critical when a threat emanates from overseas, where we and other agencies have fewer options to illuminate it. Many other aspects of our work depend on it too, including child exploitation, cybersecurity and serious crime.

In 2014, GCHQ analysis of bulk data uncovered a previously unknown individual in contact with Isis attack-planners in Syria. Although he tried to hide his activity, we were able to use bulk data to spot that he had travelled to Europe, where he planned to carry out an attack. The data was provided to the authorities in that country, enabling the successful disruption of the plot, including capturing the home-made bombs he had manufactured.

Use of these bulk data powers is not indiscriminate. GCHQ cannot and would not hoover up every piece of information. It would be illegal for us to carry out “mass surveillance”, nor would we want to, even if the law allowed it. And stringent access controls apply before analysts may examine any particular piece of data. We always focus on maximising the probability of identifying people who wish to do us harm. The scale of internet data is staggering compared to 10 years ago, so while the volume we scan may seem large, it is a minute slice of the whole.

Those with unfettered access to our operations have quickly dispelled the mass surveillance myth. David Anderson QC examined examples of cases reliant on bulk interception, interrogated our analysts and looked at our intelligence reports. He wrote: “They leave me in not the slightest doubt that bulk interception, as it is currently practised, has a valuable role to play in protecting national security.” The parliamentary intelligence and security committee stated: “Our inquiry has shown that the agencies do not have the legal authority, the resources, the technical capability, or the desire to intercept the communications of British citizens, or of the internet as a whole. GCHQ is not reading the emails of everyone in the UK.” Sir Anthony May, one of Britain’s most senior judges, conducted an investigation and asked the question whether we engage in random mass intrusion into the private affairs of innocent citizens. His answer was “emphatically no”.

There is another myth that badly needs busting, namely the idea that GCHQ is against encryption and would not disclose vulnerabilities in software. We live more and more of our lives online and it is right that companies which hold the personal data of their customers take the strongest steps to keep it secure. It is also right that people should be able to interact with their bank and other businesses with confidence. As well as being civil servants charged with a unique mission, our own staff live everyday lives where they, their family and their friends depend on the same secure technology as everyone else.

The draft bill essentially repeats what the law currently says about encryption.

We do not seek to ban encryption, we do not want mandatory “back doors” in products and we frequently warn companies about security vulnerabilities we find. On a daily basis we advise companies and public services about how to deal with specific cyber-attacks. No organisation does more to protect UK cybersecurity than GCHQ. In September 2015, Apple publicly credited CESG (the information assurance arm of GCHQ) with the detection of a vulnerability in its iOS operating system for iPhones and iPads which could have been exploited. That vulnerability has now been patched.

Dealing with encryption and analysing data at scale were crucial for GCHQ’s predecessors at Bletchley Park to succeed in their mission. Protecting life and liberty is our heritage, but it’s our current and future duty too. We need legislation and powers fit for the modern world to carry out that duty.

Bron: www.theguardian.com

quote:

Only 'tiny handful' of ministers knew of mass surveillance, Clegg reveals | Politics | The Guardian

Former deputy PM says he was astonished to learn how few cabinet members were aware of scale of UK spies’ reach into lives of British citizens

The majority of the UK cabinet were never told the security services had been secretly harvesting data from the phone calls, texts and emails of a huge number of British citizens since 2005, Nick Clegg has disclosed.

Clegg says he was informed of the practice by a senior Whitehall official soon after becoming David Cameron’s deputy in 2010, but that“only a tiny handful” of cabinet ministers were also told – likely to include the home secretary, the foreign secretary and chancellor. He said he was astonished to learn of the capability and asked for its necessity to be reviewed.

Related: The surveillance bill is flawed but at last we have oversight | Nick Clegg

The former deputy prime minister’s revelation in the Guardian again raises concerns about the extent to which the security services felt they were entitled to use broadly drawn legislative powers to carry out intrusive surveillance and keep this information from democratically elected politicians.

Related: Security and liberty: Theresa May’s surveillance plans | Letters from Lord West and others

The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act.

It is not known if government law officers sanctioned the use of the act in this way, but it appears the intelligence and security committee responsible for parliamentary oversight was not informed, adding to the impression of a so-called deep state operating outside the scrutiny of parliament.

Clegg writes: “When I became deputy prime minister in 2010, I was the leader of a party that had been out of government for 65 years. There were a lot things that we had to re-learn, and a lot that was surprising and new.

“When a senior official took me aside and told me that the previous government had granted MI5 direct access to records of millions of phone calls made in the UK – a capability that only a tiny handful of senior cabinet ministers knew about – I was astonished that such a powerful capability had not been avowed to the public or to parliament and insisted that its necessity should be reviewed.

“That the existence of this previously top secret database was finally revealed in parliament by the home secretary on Wednesday, as part of a comprehensive new investigatory powers bill covering many other previously secret intelligence capabilities, speaks volumes about how far we’ve come in a few short years.”

He also contends that when the revelations of Edward Snowden hit, “the knee-jerk response within government was to play the man and ignore the ball”.

He writes: “Ministers simply didn’t understand – whatever concerns they may have had about Snowden’s own behaviour - the significance of the fact that the world now knew the government’s most closely guarded secrets. They refused to acknowledge that the democratisation of the security state had become inevitable.”

Related: Mass snooping and more – the measures in Theresa May's bill

Clegg claims the draft investigatory powers bill, published on Wednesday, has put the country within touching distance of a comprehensive set of laws covering every surveillance capability of the government. The draft bill, he argues, has been the result of the internal pressure applied by Liberal Democrat ministers inside the coalition government and the external debate generated by the Snowden revelations.

Giving his most detailed assessment of the specifics of the draft bill, he adopts a more sceptical attitude than the initial Labour frontbench reaction on Wednesday, saying many of the proposals are controversial and excessive.

He says the ability of GCHQ “to hack anything from handsets to whole networks is highly intrusive and needs to be much better understood before we can place it within appropriate constraints.

“The new, revised proposals on the storage of web browsing data remain problematic as the bill appears to call for the storage of vast quantities of data that go far beyond the operational requirements set out by the home secretary in the Commons.”

In common with some Tory MPs, he suggests: “The so called ‘double lock’ of judicial oversight appears to be nothing of the sort, as judges will have very little discretion when making decisions about individual warrants. And many will wish to question the access that the intelligence agencies have to our phone records.”

Bron: www.theguardian.com

quote:

Rechter deelt tik uit aan Amerikaanse veiligheidsdienst NSA | NOS

Een federale rechter in de Verenigde Staten heeft het verzamelen van metadata van telefoongesprekken "hoogstwaarschijnlijk ongrondwettelijk" genoemd. Hij deed dat in de zaak die een advocatenkantoor in Californië had aangespannen tegen de veiligheidsdienst NSA.

Twee jaar geleden kwamen de verregaande activiteiten van de NSA via klokkenluider Edward Snowden aan het licht. Er bleek onder meer dat de dienst op grote schaal metadata verzamelt, dus bijvoorbeeld informatie over wie met wie mailt of belt.

De rechter in de hoofdstad Washington heeft het in zijn vonnis over "een verlies aan grondwettelijke vrijheden". De NSA moet van hem onmiddellijk stoppen met het verzamelen van de gegevens van het advocatenkantoor.

De uitspraak is overigens vooral van symbolisch belang: het massasurveillanceprogramma van de NSA in zijn huidige vorm loopt over drie weken af. Op 29 november gaat de dienst over op een systeem waarbij het aftappen doelgerichter zal zijn.

Desondanks zijn privacy-activisten blij met de uitspraak. Edward Snowden spreekt op Twitter van een historisch besluit.

Bron: nos.nl

quote:

NSA Surveillance: A Resource Page

quote:

In June 2013, Glen Greenwald, then of The Guardian, broke the first of many stories detailing how the NSA gathers and stores information about innocent Americans. Since then, we have learned that U.S. intelligence agencies are gathering massive amounts of data from phone and internet companies, not just on Americans, but foreign leaders as well.

How and under what circumstances are U.S. intelligence agencies allowed to collect your data? Where does Americans' data go once they collect it? In this collection of resources, the Brennan Center sheds a much-needed light on how the government is collecting, sharing, and storing data that is not immediately relevant to counterterrorism efforts.

quote:

Paris is being used to justify agendas that had nothing to do with the attack | Trevor Timm | Comment is free | The Guardian

The Paris attackers weren’t Syrian, and they didn’t use encryption, but the US government is still using the carnage to justify attempts to ban them both

The aftermath of the Paris terrorist attacks has now devolved into a dark and dishonest debate about how we should respond: let’s ban encryption, even though there’s no evidence the terrorists used it to carry out their crime, and let’s ban Syrian refugees, even though the attackers were neither.

It’s hard to overstate how disgusting it has been to watch, as proven-false rumors continue to be the basis for the entire political response, and technology ignorance and full-on xenophobia now dominate the discussion.

Related: Donald Trump's bigotry against Muslims has safety implications we can't ignore | M Dove Kent

First, there’s the loud “we need to ban encryption” push that immediately spawned hundreds of articles and opinions strongly pushed by current and former intelligence officials the day or two after the attacks, despite the government quietly admitting there was no evidence that the attackers used encryption to communicate. It was a masterful PR coup: current and former intelligence officials got to sit through a series of fawning interviews on television where they were allowed to pin any of their failures on Edward Snowden and encryption – the bedrock of privacy and security for hundreds of millions of innocent people – with virtually no pushback, or any critical questions about their own conduct.

The entire encryption subject became a shiny scapegoat while the truth slowly trickled in: as of Tuesday, it was clear that American and/or French intelligence agencies had seven of the eight identified attackers on their radar prior to the attacks. The attackers used Facebook to communicate. The one phone found on the scene showed the terrorists had coordinated over unencrypted SMS text messages – just about the easiest form of communication to wiretap that exists today. (The supposed ringleader even did an interview in Isis’s English magazine in February bragging that he was already in Europe ready to attack.)

As an unnamed government official quoted by the Washington Post’s Brian Fung said, if surveillance laws are expanded the media will be partly to blame: “It seems like the media was just led around by the nose by law enforcement. [They are] taking advantage of a crisis where encryption hasn’t proven to have a role. It’s leading us in a less safe direction at a time when the world needs systems that are more secure.”

As dishonest as the “debate” over encryption has been, the dark descension of the Republican party into outright racism and cynically playing off the irrational fears of the public over the Syrian refugee crisis has been worse. We now know the attackers weren’t Syrian and weren’t even refugees. It was a cruel rumor or hoax that one was thought to have come through Europe with a Syrian passport system, but that was cleared up days ago. But in the world of Republican primaries, who cares about facts?

Virtually every Republican candidate has disavowed welcoming any refugees to the US, and they are now competing over who is more in favor of banning those who are fleeing the very terrorists that they claim to be so against.

It doesn’t matter that the US has a robust screening system that has seen over 750,000 refugees come to the United States without incident – the Republican-led House has now voted to grind the already intensive screening process to a virtual halt (they were disgracefully joined by many Democrats). Chris Christie said the US should refuse widows and orphans. Rand Paul introduced a law to bar the entire Muslim world from entering the US as refugees. Donald Trump has suggested he would digitally track every Muslim in the county.

As The Intercept’s Lee Fang documented in detail, the rhetoric spewing from the mouths of the Republican Party sounds almost word for word like the racists during World War II that wanted the US to refuse Jews on the basis that they might be secret Nazis.

Even the supposedly establishment Republicans have debased themselves with rhetoric that one can only hope that one day they regret. This video of Jeb Bush struggling to explain why he would create a religious litmus test for refugees and how families are going to “prove” they’re Christian is truly cringeworthy. As Barack Obama said in his admirable condemnation of Bush and others on Tuesday, such talk is “shameful” and “un-American.”

One can say a lot of awful things about Jeb’s brother, George W Bush, including that his disastrous wars that led to the Isis mess we are in now, but he did do one thing right: he was always willing to publicly speak out in favor of the vast majority of Muslims who are peaceful and abhor terrorism just like everyone else. As Chris Hayes noted, not a word of this touching speech Bush gave at an Islamic Center a week after 9/11 would ever be uttered by any of the Republican candidates today. Instead they compete over who can disparage and debase the Muslim community with the broadest brush stroke.

There are plenty of questions to ask in the aftermath of the attacks to learn how terrorism can better be prevented in the future. Instead public discourse has veered so far off-course that it’s hard to see when it will return.

Bron: www.theguardian.com

quote:

Telegraph Publishes The Dumbest Article On Encryption You'll Ever Read... Written By David Cameron's Former Speechwriter

Over the weekend, the Telegraph (which, really, is probably only the second or third worst UK tabloid), published perhaps the dumbest article ever on encryption, written by Clare Foges, who until recently, was a top speech writer for UK Prime Minister David Cameron (something left unmentioned in the article). The title of the article should give you a sense of its ridiculousness: Why is Silicon Valley helping the tech-savvy jihadists? I imagine her followups will including things like "Why is Detroit helping driving-savvy jihadists?" and "Why are farmers feeding food-savvy jihadists?"

quote:

Bron: www.techdirt.com

quote:

Einde aan telefonisch sleepnet NSA

Vanaf vandaag mag de Amerikaanse inlichtingendienst NSA niet meer ongericht al het telefoonverkeer in de VS in de gaten houden. Vanaf klokslag middernacht, 06.00 uur Nederlandse tijd, worden de bevoegdheden van de dienst flink ingeperkt.

Het is de grootste beperking van een inlichtingendienst sinds de aanslagen van 9/11. Voortaan mag de NSA niet meer willekeurig alle gegevens over telefoontjes verzamelen, maar moet er voor elke persoon of groep specifiek een gerechtelijk bevel worden aangevraagd. Dat is dan maximaal zes maanden geldig.

Bron: nos.nl