Monitoring NSA in de VS en erbuiten, deel 10

quote:

Do NSA's Bulk Surveillance Programs Stop Terrorists?

quote:

On June 5, 2013, the Guardian broke the first story in what would become a flood of revelations regarding the extent and nature of the NSA’s surveillance programs. Facing an uproar over the threat such programs posed to privacy, the Obama administration scrambled to defend them as legal and essential to U.S. national security and counterterrorism. Two weeks after the first leaks by former NSA contractor Edward Snowden were published, President Obama defended the NSA surveillance programs during a visit to Berlin, saying: “We know of at least 50 threats that have been averted because of this information not just in the United States, but, in some cases, threats here in Germany. So lives have been saved.” Gen. Keith Alexander, the director of the NSA, testified before Congress that: “the information gathered from these programs provided the U.S. government with critical leads to help prevent over 50 potential terrorist events in more than 20 countries around the world.” Rep. Mike Rogers (R-Mich.), chairman of the House Permanent Select Committee on Intelligence, said on the House floor in July that “54 times [the NSA programs] stopped and thwarted terrorist attacks both here and in Europe – saving real lives.”

However, our review of the government’s claims about the role that NSA “bulk” surveillance of phone and email communications records has had in keeping the United States safe from terrorism shows that these claims are overblown and even misleading. An in-depth analysis of 225 individuals recruited by al-Qaeda or a like-minded group or inspired by al-Qaeda’s ideology, and charged in the United States with an act of terrorism since 9/11, demonstrates that traditional investigative methods, such as the use of informants, tips from local communities, and targeted intelligence operations, provided the initial impetus for investigations in the majority of cases, while the contribution of NSA’s bulk surveillance programs to these cases was minimal. Indeed, the controversial bulk collection of American telephone metadata, which includes the telephone numbers that originate and receive calls, as well as the time and date of those calls but not their content, under Section 215 of the USA PATRIOT Act, appears to have played an identifiable role in initiating, at most, 1.8 percent of these cases. NSA programs involving the surveillance of non-U.S. persons outside of the United States under Section 702 of the FISA Amendments Act played a role in 4.4 percent of the terrorism cases we examined, and NSA surveillance under an unidentified authority played a role in 1.3 percent of the cases we examined.

quote:

GCHQ accused of 'persistent' illegal hacking at security tribunal | UK news | The Guardian

UK government monitoring station admits hacking devices for the first time during case brought by Privacy International and internet service providers

GCHQ carries out “persistent” illegal hacking of phones, computers and networks worldwide under broad “thematic” warrants that ignore privacy safeguards, a security tribunal has heard.

Microphones and cameras on electronic devices can be remotely activated without owners’ knowledge, photographs and personal documents copied and locations discovered, the Investigatory Powers Tribunal (IPT) has been told.

GCHQ, the government monitoring station in Cheltenham, has for the first time in a court case admitted that it carries out computer network exploitation (CNE) – commonly known as hacking – both in the UK and overseas.

Some CNE operations are said to be “persistent” – where listening programs are left on targeted devices – while others are “non-persistent”, where the monitoring ends with each internet session.

The claim that the government’s hacking activities are disproportionate and illegal has been brought by Privacy International and seven international internet service providers.

The case is being heard at the IPT, which deals with complaints about the intelligence services and surveillance by government organisations. The four-day hearing is at the Rolls Building in central London.

“The [legal] regime governing CNE … remains disproportionate,” Ben Jaffey, counsel for Privacy International, told the tribunal. “Given the high potential level of intrusiveness, including over large numbers of innocent persons, there are inadequate safeguards and limitations.”

Related: GCHQ's spy malware operation faces legal challenge

The case has been brought in the wake of revelations by the American whistleblower Edward Snowden who exposed the extent of surveillance carried out by the US’s National Security Agency and the UK’s GCHQ.

Snowden’s documents referred to GCHQ’s CNE capabilities, the tribunal was told, including “a programme called Nosey Smurf which involved implanting malware to activate the microphone on smartphones; Dreamy Smurf, which had the capability to switch on smartphones; Tracker Smurf, which had the capability to provide the location of a target’s smartphone with high precision; and Paranoid Smurf, which ensured all malware remained hidden”.

One illegal aspect of GCHQ’s hacking, Jaffey said, is making changes to targeted computers, an activity that undermines their later use as evidence. “What parliament did not authorise was CNE that impairs the operation of a computer …” he said.

“If state authorities are permitted to alter or impair the operation of a computer, the reliability and admissibility of such evidence will be called into question, as will the need to disclose a past CNE operation to the defence.”

In 2013, the tribunal was told, 20% of GCHQ’s intelligence reports contained information derived from hacking.

The reliance of the intelligence services on what are termed “thematic” warrants – that do not name individuals or addresses but rely on generalised categories of people or places – are an “exorbitant” extension of normal powers, Jaffey told the tribunal.

Under section five of the Intelligence Services Act, he said, proper safeguards are being bypassed so that groups as widely defined, for example, as “all mobile telephones” in Birmingham could be targeted.

Some of the intelligence oversight commissioners, such as Sir Mark Waller, had recently warned in their reports that the security agencies’ interpretation of thematic warrants were “very arguable”, Jaffey pointed out.

Related: Snowden surveillance revelations drive UK and US policy in opposite directions

Newly released documents from the long-running case include a warning from Ross Anderson, professor of security engineering at Cambridge University, that “it is only a matter of time before CNE causes fatal accidents”.

Citing denial of service attacks by online protesters in Oregon, USA, who hijacked hospital servers, installed malware and interfered with medical equipment, Anderson said: “Computers are becoming embedded in ever more devices, on which human societies depend ever more in ways that are complex and ever harder to predict.”

In a written response, Ciaran Martin, director of cyber security at GCHQ, said: “[We] never carry out reckless and irresponsible CNE operations ... GCHQ’s processes for CNE include an expert risk assessment panel.”

The documents include a “gist” – or summary – of internal GCHQ advice to staff about the legality of hacking. They explain that: “The [Intelligence Services Act] warrant and authorisations scheme is a mechanism for removing liability that would otherwise attach to interference with property such as computers, phones and routers. This interference would otherwise be a criminal offence under the Computer Misuse Act.”

Another GCHQ instruction states: “CNE involves gaining remote access to computers and networks and possibly modifying their software without the knowledge or consent of the owners and users with the aim of obtaining intelligence ... CNE operations carry political risk. These risks are assessed by the relevant team – consult them at an early stage if you’re considering a CNE operation”

Lawyers for GCHQ argue that its CNE activities are “proportionate”. They dismissed Privacy International’s claims as “extreme allegations” that do not accurately describe the reality of GCHQ’s operations.

“Over the last year the threat to the UK from international terrorism has continued to increase,” James Eadie QC, for GCHQ, told the tribunal in written submissions. “GCHQ and other intelligence agencies must develop innovative and agile technical capabilities to meet these serious national security challenges. Computer network exploitation is one such capability … CNE may, in some cases, be the only way to acquire intelligence coverage of a terrorist suspect or serious criminal in a foreign country.”

The legal regime governing its deployment provides “stringent safeguards” for CNE activities, Eadie added. “It is denied that GCHQ is engaged in any unlawful and indiscriminate mass surveillance activities.”

Commenting on the hearing, Caroline Wilson Palow, general counsel at Privacy International, said: “The light-touch authorisation and oversight regime that GCHQ has been enjoying should never have been permitted. Perhaps it wouldn’t have been if parliament had been notified in the first place that GCHQ was hacking. We hope the tribunal will stand up for our rights and reign in GCHQ’s unlawful spying.”

The seven internet service providers involved in the case are: GreenNet, Riseup Networks, Mango Email Service, Jinbonet from Korea, Greenhost, Media Jumpstart, and Chaos Computer Club.

Some sessions of the IPT are closed and held in secret. The case continues.

Bron: www.theguardian.com

quote:

Privacyorganisaties: Facebook moet stoppen met datadoorgifte naar VS

quote:

De organisaties geven Facebook en zijn dochterbedrijven tot en met vrijdag 15 januari om zijn beleid duidelijk te maken over het stoppen met de doorgifte van persoonsgegevens van Europese gebruikers naar de VS. Als Facebook geen afdoende reactie geeft, kunnen gerechtelijke stappen volgen, dreigen de organisaties. Het gaat om Privacy First, Bits of Freedom, het Public Interest Litigation Project en Platform Bescherming Burgerrechten. Daarnaast onderschrijven enkele individuele Facebook-gebruikers de sommatie.

quote:

Datadrift: leest de overheid straks mee met jouw appjes?

quote:

Na de aanslagen in Parijs is de discussie over afluisteren, aftappen en privacy weer opgelaaid. Volgens de overheid kunnen WhatsAppjes, e-mails en locatiegegevens puzzelstukjes zijn die een volgende aanslag voorkomen en criminelen dwarsbomen.

Vandaag werd een nieuwe wet ingediend, waarmee de politie ruimere bevoegdheden krijgt om verdachten van misdrijven te hacken. Het kabinet werkt ook nog aan twee andere wetten die het mogelijk maken meer informatie te verzamelen.

Dat maakt de kans groter dat de overheid je privégegevens in handen krijgt. Welke gevolgen heeft dat voor jou? Deze interactieve special vertelt je in vijf hoofdstukken hoe en waar de nieuwe regelgeving jou kan raken.

quote:

ODNI admits spy chief’s phone was hit by hackers

quote:

Director of National Intelligence James Clapper’s office has confirmed that phone calls intended for the director were being re-routed to a pro-Palestinian hotline after a hacker claimed to have gained access to the spy chief’s personal Verizon account.

Brian Hale, a spokesperson for Mr. Clapper’s office, told Motherboard Tuesday that authorities had been notified of an apparent social engineering prank that had compromised Mr. Clapper’s home and mobile phone lines.

A hacker calling himself “Cracka” told Motherboard this week that he had broken into several of the intelligence director’s personal accounts, including a Verizon FiOS profile, and changed the settings so that calls placed to Mr. Clapper’s home were being automatically forwarded to a phone number registered to the Free Palestine Movement.

The hacker claiming responsibility told Motherboard that he did not want to be identified, but the website said he was among the individuals involved in a series of similar cyber-pranks waged late last year by a previously unknown hacking collective, Crackas With Attitude, against targets including CIA Director John Brennan and Homeland Security Secretary Jeh Johnson.

At the time, the collective said the hacks had been done in support of the Palestinian cause, and emails lifted from Mr. Brennan’s personal account were subsequently provided to and published by WikiLeaks.

Calls placed by Motherboard to a phone number for Mr. Clapper on Monday evening were indeed routed to the Free Palestine Movement, and the group’s co-founder, Paul Larudee, told the website that he had been receiving calls intended for the intelligence director for over at hour at that point.

Additionally, Cracka told Motherboard that he has gained access to Mr. Clapper’s email account and a Yahoo account for his wife, Susan, but his claims could not immediately be verified.

“I just wanted the gov to know people aren’t [expletive] around, people know what they’re doing and people don’t agree #FreePalestine,” the hacker told Motherboard.

After the ODNI confirmed the phone line had been hacked, however, questions were quickly raised about the intelligence director’s apparent lapse in operational security.

“If I’m the director of National Intelligence of the United States of America, nobody is going to know where the [expletive] I live, nobody is going to have my [expletive] phone number or address,” Michael Adams, an information security expert previously with the U.S. Special Operations Command, told Motherboard.

quote:

Snooper's charter: cafes and libraries face having to store Wi-Fi users' data | World news | The Guardian

Theresa May gives first hint costs may far exceed £240m estimate as it emerges even small-scale providers could be targeted

Coffee shops running Wi-Fi networks may have to store internet data under new snooping laws, Theresa May has said.

Small-scale networks such as those in cafes, libraries and universities could find themselves targeted under the legislation and forced to hand over customers’ confidential personal data tracking their web use.

Related: Why journalists should challenge the new surveillance powers

The home secretary has also given her first hint that the costs of her snooper’s charter are likely to go far beyond the official £240m estimate. May told peers and MPs that talks were under way with internet and phone companies over costs and their technical capacity to deliver the measures, after being told that Vodafone, O2 and EE had testified that each company could each spend that amount alone in implementing the proposed surveillance law.

During nearly two hours of questioning by the joint parliamentary scrutiny committee on her bill, the home secretary revealed that small-scale internet providers would not be excluded from the requirement to store their customer’s internet records for up to 12 months.

“I do not think it would be right for us to exclude any networks,” she told MPs and peers. “If you look at how people do their business these days, it is on the move.”

May rejected demands from the information commissioner and from the defence and security industries that there should be a “sunset clause” on the legislation ensuring it would be revisited within five to seven years to cope with the rapid pace of technological change. She insisted the bill was “technology neutral” and fit for a rapidly changing technological world.

Related: Mass snooping and more – the measures in Theresa May's bill

The home secretary had no answer when questioned by MPs and peers as to how she would enforce legal notices requiring overseas internet and technology companies, such as Apple, Facebook, Twitter and Google, to store their customers’ communications data records for 12 months and to hand them over to British police and security agencies on request. May said they were still examining issues of “extra-territoriality”.

She did, however, attempt to reassure the scrutiny committee that judicial commissioners, to be appointed to operate a “double-lock” authorisation process on intercept and bulk interception warrants, would have sufficient flexibility to examine decisions taken by cabinet ministers to order intrusive snooping operations.

The scrutiny committee has had only two and a half months to examine the 300-page bill which is being introduced in the wake of disclosures by the whistleblower Edward Snowden, uncovering mass surveillance and bulk collection programmes operated by Britain’s GCHQ and the National Security Agency in the US. The committee is to produce its pre-legislative scrutiny report by 9 February before the bill is given a Commons second reading.

The issue of the costs faced by the internet and phone companies in complying with the bill’s requirements to collect, store and retain for 12 months all their customers’ communications data tracking their individual use of the web, email and mobile phones could prove a serious difficulty for the Home Office.

Related: The Guardian view on surveillance: citizens must be the state’s master. Not its plaything | Editorial

The Labour MP David Hanson raised the issue with May, saying that Vodafone, EE, O2 and Three had testified in evidence that they could each spend £240m alone and were troubled about their current capacity to deliver compliance with the legislation on budget and on time. O2 had said the costs involved will be “huge”, while EE said that if there was any cap or limit on the government reimbursing their costs for storing the data involved, it could make things very difficult.

May made clear that the government had agreed to underwrite the costs involved in the companies’ complying with the bill on a “cost recovery basis”. She said the Home Office was in talks with the companies but insisted that the initial estimate had not been “plucked out of the air”.

She said: “We have provided some indicative figures. We are still in discussion with individual communication service providers about ways in which these capabilities are to be provided. We will have reasonable cost recovery when we require these companies to provide these capabilities.”

May said that she had spoken to the companies about the sums of money involved and the technical feasibility and that they had been responsive.

Bron: www.theguardian.com

quote:

New York Wants to Force Vendors to Decrypt Users’ Phones

A bill that is making its way through the New York state assembly would require that smartphone manufacturers build mechanisms into the devices that would allow the companies to decrypt or unlock them on demand from law enforcement.

The New York bill is the latest entry in a long-running debate between privacy advocates and security experts on one side and law enforcement agencies and many politicians on the other. The revelations of the last few years about widespread government surveillance, especially that involving cell phones and email systems, has spurred device manufacturers to increase the use of encryption. New Apple iPhones now are encrypted by default, as are some Android devices.

The FBI, Justice Department and other agencies have been pushing back against this trend, talking with manufacturers about potential ways around default or user-enabled encryption.

“Encryption threatens to lead us all to a very, very dark place. The place that this is leading us is one that I would suggest we shouldn’t go without careful thought and public debate,” FBI Director James Comey said of the encryption of mobile devices in 2014.

Bron: www.onthewire.io

quote:

No Backdoors But UK Government Still Wants Encryption Decrypted On Request… | TechCrunch

Yesterday the U.K. Home Secretary, Theresa May, spent two hours giving evidence to a joint select committee tasked with scrutinizing proposed new surveillance legislation.

The draft Investigatory Powers Bill, covering the operation of surveillance capabilities deployed by domestic security and law enforcement agencies, is currently before parliament — with the government aiming to legislate by the end of this year.

During the committee session May was asked to clarify the implications of the draft bill’s wording for encryption. Various concerns have been raised about this — not least because it includes a clause that communications providers might be required to “remove electronic protection of data”.

Does this mean the government wants backdoors inserted into services or the handing over of encryption keys, May was asked by the committee. No, she replied: “We are not saying to them that government wants keys to their encryption — no, absolutely not.”

Encryption that can be decrypted on request

However the clarity the committee was seeking on the encryption point failed to materialize, as May reiterated the government’s position that the expectation will be that a lawfully served warrant will result in unencrypted data being handed over by the company served with the warrant.

“Where we are lawfully serving a warrant on a provider so that they are required to provide certain information to the authorities, and that warrant has been gone through the proper authorization process — so it’s entirely lawful — the company should take reasonable steps to ensure that they are able to comply with the warrant that has been served on them. That is the position today and it will be the position tomorrow under the legislation,” said May.

“As a government we believe encryption is important. It is important that data can be kept safe and secure. We are not proposing in this bill to make any changes in relation to the issue of encryption. And the legal position around that. The current legal position in respect of encryption will be repeated in the legislation of the bill. The only difference will be that the current legal position is set out in secondary legislation and it will be, obviously, in the bill,” she added.

Theresa May

May was pressed specifically on the implications of the legislation for end-to-end encryption. Her comments on this point provide little reassurance that the government either appreciates the technical nuance involved (i.e. that properly implemented end-to-end encryption would mean a company is unable to decrypt data itself, and therefore unable to comply with such an expectation), or is not intentionally seeking to undermine — or at very least obfuscate — the legal position around end-to-end encryption.

In the instance where a company that has implemented end-to-end encryption tells the authorities it is unable to provide data, what will the bill’s reference to removing electronic protection mean in practice, May was asked?

“What we are saying to companies… is that when a warrant is lawfully served on them there is an expectation that they will be able to take reasonable steps to ensure that they can comply with that warrant. i.e. that they can provide the information that is being requested under that lawful warrant in a form which is legible for the authorities,” she repeated.

The weight of the bill’s requirement, as it stands, appears to rest on what is meant by the phrase “reasonable steps”. And whether removing end-to-end encryption would be considered a reasonably required step by the law. It’s unclear at this stage what the law will consider reasonable, and the lack of clarity on this point appears intentional — as a way for the government to side-step the issue of end-to-end encryption without explicitly stating whether the technology effectively offers a workaround to the legislation or not.

And indeed, in other answers to the committee, May revealed that other instances of ‘untightened’ language in the bill are intentional — in order for the legislation to provide “flexibility”, as she put it. Such as to allow definitions to be broad enough to accommodate advances in technology, for example.

Clarity vs flexibility

“It’s a balance between trying to ensure that legislation is so drafted that it is clear for people but that it isn’t so drafted that it actually mean that it will only have a very, very limited life — precisely because definitions will move on and there will be developments,” she said.

At another point in the session, the lack of clarity about exactly what bulk datasets are — and the Home Office’s ongoing refusal to provide the committee with a list of these (their public existence was only revealed last March) — is also apparently intentional, with May again using the word flexibility when asked about these.

Here she seemed to mean affording agencies the wiggle-room of operational secrecy necessary not to tip off criminals about the sorts of lists they might be looking at. (Although she gave one example of a bulk dataset being a list of people with firearms licences.)

During the session, she also rejected general criticism that the bill’s language is uncertain, arguing that the definition of the so-called Internet Connection Records (ICRs) — i.e the requirement that ISPs and other communications service providers (CSPs) log a list of websites visited by every user for a full year — has, for example, been tightened up.

But asked by the committee to give her own definition of what an ICR is — “in terms that might be understandable by a layperson” — she offered only “an equivalence” explanation, describing it as: “When you have somebody who is accessing a particular site… or is using the Internet for a particular communication, you wish to be able to identify that. You’re not trying to find out whether they have looked at certain pages of a website, which is where I think the confusion may arise because of what people felt was in the draft Communications Data Bill.

“It is simply about that access to a particular site or the use of the Internet for a communication,” she added.

May rejected the suggestion put to her by the committee that a sunset clause or regular review might be an appropriate way to ensure expansive investigatory powers do not shift, over time, to become disproportionate — arguing specifically that CSPs need the certainty that a non-bookended bill provides if they are to put in place infrastructure to enable the collection of ICRs.

Internet connection records

May fielded a lot of questions about ICRs, including whether they might not result in producing far too much data of limited utility, as well as on the costs of implementing them, the security challenges of storing so much sensitive data, and the technical feasibility of being able to capture the sort of data the agencies are after via this method.

“The confidence we have [on technical feasibility] comes from the discussions that we’ve been having with [communications service providers],” she said. “We have had numerous discussions with them about how access to ICRs may be achieved.

“The discussions we’ve had with them have been about some of these technical issues — about access. And obviously there are different ways in which different providers approach the way they operate but we are confident from those discussions that it will be technically feasible for us to be able to ensure that there is access to the information that’s necessary.”

On the costs point, May said the previously mentioned £247 million figure to reimburse ISPs/CSPs’ costs for retaining and storing ICR data is “indicative” — adding: “We are obviously still in discussion with individual CSPs about the ways in which these capabilities would be provided.”

The committee noted it had previously heard from multiple CSPs expressing doubts that the £247 million figure would cover the costs of implementing ICRs across multiple providers. And the Home Secretary was challenged on whether there would be “sufficient resource” to meet the requirements the bill proposes to place on CSPs.

She agreed to provide the committee with “further indications” of technical feasibility and costs. “We do provide reasonable cost recovery,” she added. “That’s been a long-standing policy of the U.K. government where we are requiring these companies to do things in order to have this sort of access.”

She also agreed to provide the committee with additional operational examples of why ICRs are necessary as an investigatory power.

On the point about the usefulness of ICR data itself, May was asked to respond to other evidence heard by the committee that, for example, smartphones being constantly connected to the Internet will mean that collecting a list of connected services would offer only a very muddy intelligence signal.

Do you see a danger that you’ll just collect a vast amount of data of limited utility in the end, she was asked? May said the government’s aim is to have “a more targeted approach” to handle “this issue of volume of data”, going on to argue that recording individual connections/sessions will not generate an unmanageable volume of data.

“I don’t think there’s going to be that volume of data in the much more targeted approach we will take,” said May, contrasting the IP bill ICR proposals with a prior attempt, in Denmark, to mandate telcos store data on users.

“We will have a more targeted approach. Which I think we believe will reduce that overall volume of data recorded and reduce the risk that connections are missed,” she said, adding: “I’m reliably informed that the Danish implementation was based around sampling every 500th packet, rather than recording individual Internet connections or sessions. Which is what we propose to do.”

On the issue of how the government would enforce requirements set out in the IP bill on overseas communications providers May said it is an issue the Home Office is looking at.

“There are certain aspects of this legislation where we are looking at extraterritoriality. But there are requirements that we will be issuing — obviously there will be data retention notices that will be issued to communications service providers in relation to requirement for them to hold data in a way that enables that to be accessible.”

“We do repeat the position that we put into DRIPA that has always been asserted by all governments in relation to the ability to exercise a warrant against a company that is offering services in the U.K. and abiding by the law of the U.K.,” she added later.

Judicial oversight as privacy safeguard

On the overarching point about the risks to individuals’ privacy by sledgehammer measures that propose to monitor U.K. citizens in bulk, May say the safeguard against this is the double-lock mechanism that involves both judicial and minister review of warrants.

“The double lock authorization is there where there are processes which are intrusive into an individual,” she argued.

On the judicial component of the double-lock May was asked by the committee whether these judicial powers will be just narrow “process checks” or also allow for judges to also assess the necessity and proportionality of warrants. She said there will be scope for judges to scrutinize the merits of a warrant — not just do a process check — but said it will be open to judges to choose which type of approach they take on a case-by-case basis.

“One of the advantages that one has with judicial review principles is that it gives the judicial commissioners a degree of flexibility as to how they approach particular cases, depending on the impact on the individual of what it is is that they’re looking at. And so they will be able to make an assessment and a judgement as to how they wish to approach the evidence that is before them,” she said.

“The Secretary of State looks at necessity and proportionality of the warrantry. So it will be open to the senior high court judge to look at necessity and proportionality but they will be able, under the judicial review provisions, to have the flexibility to determine the way in which they look at that decision.”

“It will be up to the judge… to determine how they approach any particular issue,” she added. “There may well be circumstances in which they might apply a lighter touch approach to reviewing a Secretary of State’s decision. And others in which they will in fact look more at necessity and proportionality.

“The whole point of the double-lock authorization is that both parties have to agree to the warrant being applied. And if the judicial commissioner decides that the warrant should not be applied — having looked at it, and applied the tests that they need to apply — then obviously it can’t be operated.”

Bulk powers

May was also probed on the bulk powers provisions in the bill, and challenged to respond to criticism that security analysts are in fact ‘drowning in too much data’ because of such mass harvesting processes — and that bulk collection is therefore counterproductive when it comes to helping national security.

She stridently rebutted the view that measures in the bill constitute mass surveillance — asserting: “We do not collect all the data, all of the time” — before going on to argue that “bulk collection” is necessary to ensure there is a “haystack” of data available to be filtered for intelligence in the first place.

“There are a variety of ways in which of course the agencies are careful and do look to target how they deal with data. But if the suggestion is that you cannot collect any bulk data whatsoever, or have access to any bulk datasets whatsoever, then you’re going to miss the opportunity,” she said.

“It would be wrong to give the impression that we are collecting all of the data all of the time… But bulk capabilities are important because you do need — if you’re going to be able to investigate a target — you need to be able to acquire the communications in the first place and when the target is overseas bulk interception obviously is one of the key means, and indeed it may be the only means, by which it’s possible to obtain communications.”

“It isn’t the case that it is always used in an untargeted way,” she added. “Of course when we look, when particular incidents have taken place, we look at the systems that are in place to ensure that we can make the way we operate as effective as possible. Because there’s a very fundamental reason to be able to have access to this information, to be able to deal with this information; it is about keeping people safe and secure.”

May was also pressed on when operational cases will be published for the various bulk powers set out in the bill — such as bulk equipment interference powers (aka mass hacking capabilities) — with the committee noting prior warnings by QC David Anderson, who conducted the government’s independent review of terrorism legislation last summer, that there’s a risk of the legislation being unpicked at the European level without robust justification being made for such capabilities.

On this point the Home Secretary agreed to write to the committee with further explanation of why the bulk powers are necessary.

She was also probed on whether the bill afforded agencies with the ability to apply for so-called thematic warrants — potentially covering “a very large number of people and therefore cannot be classed as targeted”. “The answer is no,” she said. “It will not be possible to use a thematic warrant against a very large group of people.”

“The purpose of the thematic warrant is for example circumstances in which perhaps there’s a kidnap, there’s perhaps a threat to life, and there’s only certain information available and it’s necessary because of the pace at which something is developing to be able to identify the group of people who are involved with that particular criminal activity as being within the thematic warrant,” she added.

Overseas data-sharing

May was also asked about concerns that security agencies might workaround the legal framework set out in the IP bill by obtaining information from other countries, or vice versa, with one committee member noting “there isn’t very much in the bill about these issues” — and suggesting it could prove a sizable loophole for what is supposed to be a transparent legal framework for the operation of secretive state surveillance powers.

“We do look at the handling arrangements that are in place when we are sharing material with overseas partners. It’s clause 41 of the draft bill that sets out that before intercept material is shared with an overseas authority the issuing authority sharing the material must be satisfied that they’ve got appropriate handling arrangements in place to protect the material. Equivalent to those that apply under clause 40,” said May.

“There will be codes of practice [in the case of U.K. agencies receiving data shared by overseas countries],” she added. “We’ve been very clear that in terms of ensuring that where information is obtained it is done so against an appropriate legal framework. And that there are provisions in place that ensure that the agencies operate and only obtain information where it is lawful for them to do so.”

The questioner followed up by asking where do we find that legal framework — wondering whether it is down to a series of international treaties, some of which may not be in the public domain? May did not give a clear answer on this, saying only: “There are various aspects to the legal framework against which the agencies operate,” before suggesting she could again write to the committee to provide more information on this point.

The evidence session was the last one the committee will hear. It will now begin compiling its recommendations — with a report due to be published by mid February.


Bron: techcrunch.com

twitter:

Snowden twitterde op dinsdag 19-01-2016 om 12:34:46 Huge: Appeals Court rejects UK's effort to criminalize an act of journalism as "terrorism." https://t.co/E1kJh8n9Gu https://t.co/RE1OBIGPey reageer retweet

quote:

The Guardian view on the David Miranda verdict: a counterpunch for freedom | Editorial | Opinion | The Guardian

The court of appeal’s ruling in the case of David Miranda’s 2013 detention at Heathrow is indisputably an advance for press freedom. It establishes with very great care, balancing the needs of security and the rights of journalists, that existing police anti-terror powers to stop and question travellers in and out of this country are incompatible with freedom of expression protections under the European convention on human rights.

That judgment should be strongly welcomed by all news organisations and journalists, since the media’s ability to protect confidential sources was otherwise wide open to real abuse, as the Miranda case proved. The government, which has behaved as though no such need for balance exists, is now under an obligation to respond with changes to the law. It should make clear in parliament that it will do this soon.

The ruling does not protect Mr Miranda, who was stopped when carrying material from the Edward Snowden revelations. But it re-establishes the principle, which the Guardian always pressed in the Snowden case, that Mr Miranda should have had the protection of a public interest defence against his detention. The stop powers in schedule 7 of the Terrorism Act 2000 are very sweeping. In some years, as many as 85,000 people have been stopped, overwhelmingly Muslims. Tuesday’s victory is important for journalism, but the stop powers need to be well scrutinised in other respects too.

Bron: www.theguardian.com

quote:

Journalism is not terrorism. Criticism of the government is not violence

quote:

As Greenwald has already said, the court ruling is “an enormous victory, first and foremost for press freedoms, because what the court ruled is that the UK parliament can’t purport to allow its police to seize whatever they want to take from journalists by pretending it’s a terrorism investigation”.

David Miranda ruling throws new light on schedule 7 powers

He’s exactly right: journalists, or anyone working on behalf of newspapers for that matter, should not be worried about being detained, interrogated and having their source material confiscated for doing their job in a democracy.

But even more disturbing than the UK government’s willingness to detain a journalist in violation of his human rights is what they attempted to claim after Miranda’s detention to justify their actions. In arguing that they had every right to detain Miranda under the Terrorism Act in 2013, the government put forth a the radical and expansive definition of terrorism. Here is the government’s exact words from a court filing they made in November 2013:

. Additionally the disclosure [of NSA/GCHQ documents], or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism...

Think about the implications of that for a minute: terrorism was defined as publishing information designed to influence the government. That definition includes no mention of violence or even a threat of violence, which David Miranda never came anywhere near doing.

In other words, any opinion or action the government does not like could potentially have been decreed as “terrorism” under their warped definition.

quote:

For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher • The Register

The UK government's official voice encryption protocol, around which it is hoping to build an ecosystem of products, has a massive backdoor that would enable the security services to intercept and listen to all past and present calls, a researcher has discovered.

Dr Steven Murdoch of University College London has posted an extensive blog post digging into the MIKEY-SAKKE spec in which he concludes that it has been specifically designed to "allow undetectable and unauditable mass surveillance."

He notes that in the "vast majority of cases" the protocol would be "actively harmful for security."

Murdoch uses the EFF's scorecard as a way of measuring the security of MIKEY-SAKKE, and concludes that it only manages to meet one of the four key elements for protocol design, namely that it provides end-to-end encryption.

However, due to the way that the system creates and shares encryption keys, the design would enable a telecom provider to insert themselves as a man-in-the-middle without users at either end being aware. The system would also allow a third party to unencrypt past and future conversations. And it does not allow for people to be anonymous or to verify the identity of the person they are talking to.

In other words, it would be the perfect model for the security services, who can apply pressure to a telecom company and then carry out complete surveillance on an unidentified individual.

While it is surprising that the official UK government system would have such a significant backdoor, it is perhaps less surprising when you consider who developed the spec: the information security arm of the UK listening post GCHQ, the Communications-Electronics Security Group (CESG).

The CESG – and the UK's civil service – started pushing the approach late last year and has incorporated it into a product spec called Secure Chorus. It has also set itself up as an evaluator of other products and is trying to market its approach commercially by pushing it as "government-grade security." One example of a product already going through this evaluation is Cryptify Call, available for iOS and Android.

Guess which one was developed by the UK security services

There is increasing demand for voicecall encryption. Unlike instant messaging, which effectively allowed companies to start from scratch and so has resulted in a number of highly secure products, phonecalls run over older infrastructure and almost always pass through telecom companies, usually in an unencrypted form (although the information may be encrypted while in transit).

MIKEY-SAKKE is unusual in that unlike most secure messaging and phone systems, it makes no effort at all to protect the identity of the people communicating with one another, providing easy-to-access maps of metadata.

That metadata can be used to specifically identify individuals and then, using the backdoor, access all their calls past and present. In other words, it is the perfect spying system.

Murdoch highlights in his post a number of occasions in which the UK security services have successfully compromised mobile phone networks – instances that were revealed by Edward Snowden – and notes that this is likely only the tip of the iceberg.

He also notes that GCHQ tried 20 years ago to introduce a similar protocol but that a "notable difference" exists between that effort and this MIKEY-SAKKE approach: "While the GCHQ protocol was explicitly stated to support key escrow to facilitate law enforcement and intelligence agency access, this controversial aspect has not been included in the description of MIKEY-SAKKE and instead the efficiency over EDH is emphasised."

Or in other words, the UK government doesn't want you to know that it can spy on everything you say.

Murdoch notes that things don't have to be this way – there are other products and protocols that provide a much higher level of security. Some, for example, protect past messages from being unencrypted, so even if someone does gain access to your encryption keys, they are limited to current calls. Others make it much harder for telcos to access unencrypted data as it flows through their system.

The hardest aspect, however, is ensuring that when initial contact is made with someone in order to exchange key encryption information, there isn't a person in the middle. One system to do this is to have people physically read out two words that appear on a device and have the other person hear and verify them before starting an encrypted conversation. However, Murdoch notes that even this approach is not foolproof; an attacker could simply impersonate the other caller.

In short then, unless you want to give telcos and government agencies unrestricted access to your phonecalls, it's best not to buy into the MIKEY-SAKKE

Bron: www.theregister.co.uk

quote:

Edward Snowden Questions PGP Encryption Code Shown In Latest ISIS Propaganda Video

The IBT Pulse Newsletter keeps you connected to the biggest stories unfolding in the global economy.

Maybe ISIS isn’t so good at encryption after all. Edward Snowden says that code the Islamic State terrorist group disseminated in a video to show it used an encryption app to carry out the horrific Paris terrorist attacks is little more than a publicity stunt.

Snowden, the former U.S. National Security Agency contractor who revealed classified surveillance programs to the press in 2013, tweeted screenshots of the ISIS propaganda video Sunday evening, hours after the extremist group released it. The video includes beheadings and footage of the ISIS gunmen who killed more than 100 people in Paris in November. But Snowden, an outspoken encryption advocate, said the code has too few letters to be a true example of PGP encryption, which ISIS claims to use.

He said the encryption key identification code, 1548OH76, would be rendered invalid by the H and O characters. Snowden also pointed to the timestamp, which showed the messages were decrypted three days after the attack (that could also mean the message is valid, albeit opened after the attack).



PGP (an acronym for Pretty Good Privacy) encryption is a popular method of encoding messages, and is often used to authenticate private texts, email messages and other communication. Snowden famously used PGP to contact journalists Glenn Greenwald, Laura Poitras and others in order to set up a meeting, where he passed them classified NSA documents.

The ISIS video, and Snowden’s reaction to it, come at a time when lawmakers throughout the U.S. and U.K. are pushing for legislation that would prohibit, or limit, encrypted messaging services.

Bron: www.ibtimes.com

quote:

Upon Petraeus’ Request, Prosecutors Removed Embarrassing Reference To Kiriakou Case From Plea Deal

quote:

When former CIA director David Petraeus requested prosecutors remove reference to a leak case against former CIA officer John Kiriakou from his plea deal, prosecutors astoundingly followed his wishes.

“Oaths do matter, and there are indeed consequences for those who believe they are above the laws that protect our fellow officers and enable American intelligence agencies to operate with the requisite degree of secrecy,” Petraeus declared in a statement to the CIA workforce after Kiriakou pled guilty to violating the Intelligence Identities Protection Act (IIPA) in 2013.

This statement shows Petraeus understood the law when he improperly handled and disclosed classified information, including “Black Books” containing the identities of covert officers, war strategy, intelligence capabilities and notes from his discussions with President Barack Obama. He still provided his biographer, Paula Broadwell, access to these books after she asked to use them as source material.

But, according to the Washington Post, in February 2015, Petraeus’ lawyers requested the statement Petraeus made about Kiriakou’s case not appear in the statement of facts in the plea deal.

“In the statement of facts that would accompany the plea agreement, prosecutors also said they would want to reference a Petraeus message sent to the CIA workforce in 2012 after John Kiriakou, a former agency officer, was convicted of leaking classified information,” the Post reported. A person involved with discussions about the plea deal told the Post the Kiriakou reference was “off the table.”

The issue over the embarrassing Kiriakou reference came up during a meeting with James Melendres, a prosecutor with the Justice Department’s National Security Division. He proposed a deal. Petraeus would plead guilty to lying to FBI agents and mishandling classified information. Petraeus’ lawyer objected to the lying charge and that became a “non-starter.”

The plea deal Petraeus agreed to in March 2015 involved only one charge—the unauthorized removal and retention of classified material. He received a sentence of probation for two years and a $40,000 fine.

“It’s weird on many levels that [prosecutors are] realizing the hypocrisy by admitting they’re going to keep something out of a statement of facts wherein Petraeus acknowledges he realizes leaking classified information is a crime,” Jesselyn Radack, a national security & human rights lawyer for Expose Facts who has represented numerous whistleblower clients, including Kiriakou. “It’s pretty striking that they would deliberately omit that because it makes Petraeus look bad and looks embarrassing.”

The Post report also shows how willing prosecutors were to acquiesce to the demands of Petraeus to remain out of prison and not be charged with any felony that would result in the loss of a pension.

quote:

EFF wants the NSA to destroy 14 years worth' of phone records

When the USA Freedom Act passed last June, it put an end to the country’s National Security Agency’s (NSA) mass surveillance program in which it collected millions of phone records of citizens’ calls over 14 years.

But the Electronic Frontier Foundation (EFF) believes that isn’t enough to protect people’s privacy, because those records still exist in various NSA databases. The non-profit is calling on a secret court to consider ways to delete this trove of data without destroying evidence that proves the NSA snooped on citizens.

EFF says that, “Even after the President, other members of the executive branch, Congress, the press, and the public fully and freely discussed the fact that the government was gathering the records of millions of Americans,” the government claims that no one other than a clutch of Verizon Business customers have sufficient proof to show that their phone records were actually collected.

As such, the government says that it can’t be sued by bodies like the EFF. The organization is currently involved in two pending cases seeking a remedy for the past 14 years of illegal phone record collection.

EFF wrote a letter (PDF) to the secret Foreign Intelligence Surveillance Act (FISA) court last December which it has now made public, explaining that it is ready to discuss options that will allow destruction of the records in ways that still preserve its ability to prosecute the cases.

It’ll be interesting to see how this pans out: if the government doesn’t agree to a discussion about how to handle these phone records, it’s possible that they will remain on file for years to come. Plus, it could allow the NSA to avoid being held accountable for its illegal mass surveillance.

At a time when people across the world are fighting to secure their rights to privacy in the future, it’s also important to ensure that our past is confidential too.

Bron: thenextweb.com

quote:

Canada's electronic spy agency stops sharing some metadata with partners - Politics - CBC News

The Communications Security Establishment, Canada's electronic spy agency, has stopped sharing certain metadata with international partners after discovering it had not been sufficiently protecting that information before passing it on.

Defence Minister Harjit Sajjan says the sharing won't resume until he is satisfied that the proper protections are in place. Metadata is information that describes other data, such as an email address or telephone number, but not the content of a given email or recording of a phone call.

The issue is disclosed in the annual report of CSE commissioner Jean Pierre Plouffe, which was tabled in the House of Commons Thursday morning.

"While I was conducting this current comprehensive review, CSE discovered on its own that certain metadata was not being minimized properly," Plouffe explained in the report.

"Minimization is the process by which Canadian identity information contained in metadata is rendered unidentifiable prior to being shared …."

"The fact that CSE did not properly minimize Canadian identity information contained in certain metadata prior to being shared was contrary to the ministerial directive, and to CSE's operational policy."

Canada's Five Eyes partners, with which data is sometimes shared, are the United States, Australia, New Zealand and the United Kingdom.

The report also noted that "the metadata ministerial directive lacks clarity regarding the sharing of certain types of metadata with Five Eyes partners, as well as other aspects of CSE's metadata activities."

Plouffe goes on to say that the ministerial directive is unclear about key aspects of how CSE collects,uses and discloses metadata, and does not provide clear guidance for how CSE's metadata activities are undertaken, recommending the agency ask for a new directive to provide better guidance.

In a statement, Sajjan says the "metadata in question … did not contain names or enough information on its own to identify individuals" and that "taken together with CSE's suite of privacy protection measures, the privacy impact was low."

He added: "I am reassured that the commissioner's findings confirm the metadata errors that CSE identified were unintentional, and am satisfied with CSE's proactive measures, including suspending the sharing of this information with its partners and informing the Minister of Defence."

Sajjan said CSE won't resume sharing this information with Canada's partners until he is fully satisfied the effective systems and measures are in place."

Speaking to reporters on Parliament Hill, Sajjan did not specify what sort of metadata had been shared and said officials could not review the data to determine how many people might have been impacted without violating privacy laws.

Appearing alongside Sajjan, Public Safety Minister Ralph Goodale noted that the federal government is in the process of reviewing its security intelligence operations and is committed to introducing new parliamentary oversight of intelligence agencies.

Bron: www.cbc.ca

quote:

GCHQ whistleblower movie Official Secrets recruits Harrison Ford and Anthony Hopkins | Film | The Guardian


How the Observer broke the story of NSA ‘dirty tricks’ at the UN in the runup to the Iraq war in 2003 will star Natalie Dormer as news source Katharine Gun

Harrison Ford and Anthony Hopkins have joined the cast of Official Secrets, the long-mooted film about the Observer’s reporting of the GCHQ bugging scandal in 2003, it has been announced.

In the latest film to cover the activities of whistleblowers and the journalists who report their revelations, Official Secrets will tell the story of Katharine Gun, an officer at the Cheltenham-based government eavesdropping agency. She leaked an email that contained a request by America’s NSA to illegally bug the United Nations offices of six key countries in the run-up to the UN’s vote on whether to authorise the Iraq war.

Gun’s revelations were reported in the Observer (the Guardian’s sister Sunday newspaper) by journalists Martin Bright and Ed Vulliamy, and Gun was arrested and charged with breaking the Official Secrets Act. However, her case was dropped in 2004 after no evidence was offered by the prosecution.

According to the Hollywood Reporter, Hopkins will play a retired general and Ford a veteran CIA agent. The have been cast alongside The Hunger Games’s Natalie Dormer, who will play Gun, and Paul Bettany as Bright. Martin Freeman plays the Observer’s foreign affairs editor – whose character name, Peter Edwards, appears to be a composite of Vulliamy and real-life editor Peter Beaumont, who is now the Guardian’s Jerusalem correspondent.

Official Secrets will be directed by Mandela: Long Walk to Freedom’s Justin Chadwick, and shooting is due to start in May.

Bron: www.theguardian.com

quote:

CIA planned rendition operation to kidnap Edward Snowden

The US Central Intelligence Agency (CIA) prepared to kidnap Edward Snowden, the whistleblower who exposed illegal and unconstitutional mass spying by the National Security Agency (NSA), documents obtained by the Danish media outlet Denfri show.

US intelligence maintained an aircraft and paramilitary team on standby in Copenhagen, awaiting orders to seize Snowden in the event that he crossed into a number of European countries, the documents show. They were obtained by Denfri through a Freedom of Information Act suit in August 2015.

The existence of the CIA plane was first reported in 2014 by The Register, which identified the aircraft as a Gulfstream V, registered under the number N977GA. The plane had previously been used to transport CIA captives to the agency’s “black site” torture centers across Europe, which were built up as part of an expanding global network of secret CIA prisons since 9/11.

The latest documents appear to have decisively corroborated this account, showing that Danish police and government officers approved the positioning of the CIA plane in Copenhagen for unspecified “state purposes.” In one of the leaked government letters, US Federal Bureau of Investigation representatives also sought cooperation from the Norwegian government, demanding that they immediately notify US agencies in the event that Snowden travelled to Norway, Finland, Sweden or Denmark.

The Danish decision to host the plane was part of broader cooperation by Copenhagen with Washington’s extra-legal kidnapping and rendition network. The Danish state has sought to preserve total secrecy in relation to the stationing of the CIA plane on its soil.

“Denmark’s relationship with the USA would be damaged if the information [content redacted from the documents] becomes public knowledge,” Denmark’s interior ministry told Denfri.

The confirmation that Washington planned for a direct raid to seize Snowden and forcibly return him to US custody does not come as a surprise.

Snowden has become a public enemy of the first order in the eyes of the US ruling class since he began releasing troves of data on spy programs run by the NSA and other US government agencies in the summer of 2013. According to May 2014 comments from then-NSA Director Keith Alexander, Snowden downloaded more than 1 million secret US government documents.

For the “crime” of exposing the vast and criminal surveillance enterprises run the by US government, Snowden has been subjected to innumerable death threats and slanders by the American media and political establishment.

Snowden embodies a new generation of educated and technologically-trained workers and youth who are increasingly hostile to the existing social order. That is why he has been hounded and turned away by governments around the world, and now lives in de facto exile in Moscow, where he received a temporary visa only after being forced to live for weeks in Moscow’s international air terminal, after the US cancellation of his passport frustrated his effort to travel to Ecuador, where he was seeking asylum.

There is now firm evidence that the US ruling elite sought to make good on its threats against Snowden, in the form of a snatch-and-grab operation, likely aimed at transferring the whistleblower to a covert torture base somewhere in Europe.

Bron: www.wsws.org

quote:

Investigatory powers bill: snooper's charter lacks clarity, MPs warn | Law | The Guardian

Highly critical report says proposed legislation must be reviewed to ensure obligations on tech industry are clear

The government’s investigatory powers bill lacks clarity and is sowing confusion among tech firms about the extent to which “internet connection records” will be collected, a parliamentary select committee has warned.

The highly critical report by the House of Commons science and technology committee says there are widespread doubts about key definitions in the legislation, “not to mention the definability, of a number of the terms”.

The admission that many MPs and technology experts are baffled will reinforce political concerns that such a complex bill is being pushed through parliament at speed. Other select committees are meanwhile preparing assessments of different aspects of the bill.

Related: Investigatory powers bill: the key points

Launching the report, the Conservative MP Nicola Blackwood, who is chair of the committee, said: “It is vital we get the balance right between protecting our security and the health of our economy. We need our security services to be able to do their job and prevent terrorism, but as legislators we need to be careful not to inadvertently disadvantage the UK’s rapidly growing tech sector.

“The current lack of clarity within the draft investigatory powers bill is causing concern amongst businesses... The government must urgently review the legislation so that the obligations on the industry are clear and proportionate.

“There remain questions about the feasibility of collecting and storing internet connection records (ICRs), including concerns about ensuring security for the records from hackers. The bill was intended to provide clarity to the industry, but the current draft contains very broad and ambiguous definitions of ICRs, which are confusing communications providers. This must be put right for the bill to achieve its stated security goals.”

The collection of ICRs is to allow law enforcement agencies to identify the communications service to which a device has connected. The report calls on the government to ensure that obligations it is imposing on industry are both clear and proportionate.

The committee accepts the principle that intelligence and security agencies should “in tightly prescribed circumstances be able to seek to obtain unencrypted data from communications service providers”.

The report says: “However, there is confusion about how the draft bill would affect end-to-end encrypted communications, where decryption might not be possible by a communications provider that had not added the original encryption.

“The government should clarify and state clearly in the codes of practice (which will be published alongside the bill itself) that it will not be seeking unencrypted content in such cases, in line with the way existing legislation is currently applied.”

Commenting on encryption, Blackwood said: “Encryption is important in providing the secure services on the internet we all rely on, from credit card transactions and commerce to legal or medical communications.

“It is essential that the integrity and security of legitimate online transactions is maintained if we are to trust in, and benefit from, the opportunities of an increasingly digital economy. The government needs to do more to allay unfounded concerns that encryption will no longer be possible.”

Related: Privacy watchdog attacks snooper's charter over encryption

The MPs said the evidence they received suggested there were still many unanswered questions about how this legislation would work “in the fast moving world” of technological innovation. “There are good grounds to believe that without further refinement, there could be many unintended consequences for commerce arising from the current lack of clarity of the terms and scope of the legislation,” they added.

Antony Walker, deputy CEO of techUK, which represents the technology industry, said: “There are several important recommendations in this report that we urge the Home Office to take on board. In particular we need more clarity on fundamental issues, such as core definitions, encryption and equipment interference.

“These are all issues that we highlighted to the committee and can be addressed both in the bill and in the codes of practice which we believe must be published alongside the bill, and regularly updated, as recommended by the committee. Without that additional detail, too much of the bill will be open to interpretation, which undermines trust in both the legislation and the reputation of companies that have to comply with it.

“The draft bill presents an opportunity for the UK government to develop a world-leading legal framework that balances the security needs with democratic values and protects the health of our growing digital economy. But we have to get the details right.”

Bron: www.theguardian.com

quote:

The British want to come to America — with wiretap orders and search warrants

quote:

If U.S. and British negotiators have their way, MI5, the British domestic security service, could one day go directly to American companies such as Facebook or Google with a wiretap order for the online chats of British suspects in a counter­terrorism investigation.

The transatlantic allies have quietly begun negotiations this month on an agreement that would enable the British government to serve wiretap orders directly on U.S. communication firms for live intercepts in criminal and national security investigations involving its own citizens. Britain would also be able to serve orders to obtain stored data, such as emails.

The previously undisclosed talks are driven by what the two sides and tech firms say is an untenable situation in which foreign governments such as Britain cannot quickly obtain data for domestic probes because it happens to be held by companies in the United States. The issue highlights how digital data increasingly ignores national borders, creating vexing challenges for national security and public safety, and new concerns about privacy.

quote:

Draft snooper's charter 'fails on spying powers and privacy protections'

quote:

Theresa May’s draft “snooper’s charter” bill fails to cover all the intrusive spying powers of the security agencies and lacks clarity in its privacy protections, a parliamentary committee has said.

The intelligence and security committee said the draft legislation published by the home secretary suffered from a lack of sufficient time and preparation. It was evident that even those working on the legislation had not always been clear about what it was intended to achieve, it said.

The unexpectedly critical intervention by the ISC, which is nominated by the prime minister and chaired by the former Conservative attorney general, Dominic Grieve, comes just two days before a key scrutiny committee of MPs and peers is to deliver its verdict on the draft legislation aimed at regulating the surveillance powers of the security agencies.

quote:

Here you can read about:
- Signals Intelligence (SIGINT),
- Communications Security (COMSEC),
- Information Classification,
and also about the equipment, from past and present, which make that civilian and military leaders can communicate in order to fulfill their duties.

The main focus will be on the United States and its National Security Agency (NSA), but attention will also be paid to other countries and subjects.

quote:

How NSA contact chaining combines domestic and foreign phone records

quote:

In the previous posting we saw that the domestic telephone records, which NSA collected under authority of Section 215 of the USA PATRIOT Act (internally referred to as BR-FISA), were stored in the centralized contact chaining system MAINWAY, which also contains all kinds of metadata collected overseas.

Here we will take a step-by-step look at what NSA analysts do with these data in order to find yet unknown conspirators of foreign terrorist organisations.

It becomes clear that the initial contact chaining is followed by various analysis methods, and that the domestic metadata are largely integrated with the foreign ones, something NSA never talked about and which only very few observers noticed.

_{What is described here is the situation until the end of 2015. The current practice under the USA FREEDOM Act differs in various ways. The information in this article is almost completely derived from documents declassified by the US government, but these have various parts redacted.}

quote:

Apple weigert FBI te helpen om iPhone terrorist te kraken - rtlz.nl

Een rechter bepaalde gisteren dat Apple de FBI speciale software moet leveren die een bepaalde veiligheidsencryptie kan kraken. Maar Apple weigert dat.

Het technologiebedrijf zegt dat het een 'gevaarlijke achterdeur' in zijn systeem moet bouwen. "De overheid heeft ons gevraagd om iets dat we niet hebben en iets dat we te gevaarlijk vinden om te creëren.''

Misbruik door criminelen
Als rechercheurs de beveiliging van een telefoon kunnen kraken, kunnen criminelen zo'n gat in de beveiliging ook misbruiken, zegt Apple.

"Als de techniek eenmaal is gemaakt, kan het telkens weer worden gebruikt, op alle apparaten. Het zou hetzelfde zijn als een moedersleutel die honderden miljoenen sloten kan openen, van restaurants en banken tot winkels en huizen. Geen redelijk persoon zou dat acceptabel vinden."

Alle gegevens gewist
Om meer te weten te komen over de schutter, Syed Farook, willen rechercheurs van de FBI zijn telefoon uitpluizen. Maar dat kan niet, omdat ze nog niet door de beveiliging heen zijn. Als ze het te vaak proberen, zorgt ingebouwde software ervoor dat alle gegevens worden gewist.

Syed Farook en zijn vrouw Tashfeen Malik schoten op 2 december vorig jaar in het Californische San Bernardino 14 mensen dood. De twee terroristen werd later doodgeschoten door de politie.

Bron: www.rtlz.nl

quote:

Snowden komt terug naar de VS als hij een eerlijk proces krijgt - rtlz.nl

De voormalige medewerker van de Amerikaanse geheime dienst lijkt langzaam genoeg te hebben van zijn verblijf in Rusland. Hij woont daar sinds hij in 2013 de VS ontvluchtte, nadat hij details had gelekt van een grootschalig spionageprogramma van de Amerikaanse overheid. In de VS hangt hem daarvoor een gevangenisstraf van 30 jaar boven het hoofd.

Via Skype vertelde Snowden gisteren aan aanhangers in de Amerikaanse staat New Hampshire dat hij bereid is om uitgeleverd te worden, meldt persbureau AP.

Openbaar verdedigen
"Ik heb de overheid verteld dat ik terug zou komen als ze een eerlijk proces zouden garanderen", zei hij volgens het persbureau. Snowden wil tijdens de rechtszaak de mogelijkheid krijgen om zichzelf in het openbaar te verdedigen en uit te leggen waarom hij de geheimen lekte. Hij wil graag dat zijn daden beoordeeld worden door een jury.

Snowden heeft eerder al eens gezegd dat hij zijn terugkeer naar de VS wil bespreken met de overheid. Hij zou bijvoorbeeld schuld willen bekennen in ruil voor een strafvermindering en heeft ook gezegd dat hij bereid was de cel in te gaan.

Wachten op de overheid
Eric Holder, tot eind vorig jaar minister van Justitie in de VS, zei eerder dat een deal met Snowden een mogelijkheid was. Maar Snowden zei in oktober dat hij nog steeds wachtte op een reactie van de overheid.

Snowdens onthullingen over de Amerikaanse en Britse geheime diensten hebben geleid tot een internationale discussie over het monitoren van persoonlijke communicatie en de balans tussen veiligheid en privacy.

Zijn acties maken hem volgens sommigen een held. Critici noemen hem een verrader en stellen dat zijn onthullingen de strijd tegen terrorisme in gevaar hebben gebracht.

Bron: www.rtlz.nl

quote:

We cannot trust our government, so we must trust the technology | US news | The Guardian

Apple’s battle with the FBI is not about privacy v security, but a conflict created by the US failure to legitimately oversee its security service post Snowden


The showdown between Apple and the FBI is not, as many now claim, a conflict between privacy and security. It is a conflict about legitimacy.

America’s national security agencies insist on wielding unaccountable power coupled with “trust us, we’re the good guys”, but the majority of users have no such trust. Terrorism is real, and surveillance can sometimes help prevent it, but the only path to sustainable accommodation between technologies of secrecy and adequately informed policing is through a root-and-branch reform of the checks and balances in the national security system.

The most important principle that the Obama administration and Congress need to heed in this conflict is: “Physician, heal thyself.”

The FBI, to recap, is demanding that Apple develop software that would allow it to access the secure data on the work phone of one of the two perpetrators of the San Bernardino attack.

Apple has refused to do so, arguing that in order to build the ability to access this phone, it would effectively be creating a backdoor into all phones.

The debate is being publicly framed on both sides as a deep conflict between security and freedom; between the civil rights of users to maintain their privacy, and the legitimate needs of law enforcement and national security. Yet this is the wrong way to think about it.

The fundamental problem is the breakdown of trust in institutions and organizations. In particular, the loss of confidence in oversight of the American national security establishment.

It is important to remember that Apple’s initial decision to redesign its products so that even Apple cannot get at a user’s data was in direct response to the Snowden revelations. We learned from Snowden that the US national security system spent the years after 9/11 eviscerating the system of delegated oversight that had governed national security surveillance after Watergate and other whistleblower revelations exposed pervasive intelligence abuses in the 1960s and 70s.

Apple’s design of an operating system impervious even to its own efforts to crack it was a response to a global loss of trust in the institutions of surveillance oversight. It embodied an ethic that said: “You don’t have to trust us; you don’t have to trust the democratic oversight processes of our government. You simply have to have confidence in our math.”

This approach builds security in a fundamentally untrustworthy world.

Related: Apple v FBI: engineers would be ashamed to break their own encryption

Many people I know and admire are troubled by the present impasse. After all, what if you really do need information from a terrorist about to act, or a kidnapper holding a child hostage? These are real and legitimate concerns, but we will not solve them by looking in the wrong places. The FBI’s reliance on the All Writs Act from 1789 says: “I am the government and you MUST do as you are told!” How legitimate or illegitimate what the government does is irrelevant, so this logic goes, to the citizen’s duty to obey a legally issued order.

The problem with the FBI’s approach is that it betrays exactly the mentality that got us into the mess we are in. Without commitment by the federal government to be transparent and accountable under institutions that function effectively, users will escape to technology. If Apple is forced to cave, users will go elsewhere. American firms do not have a monopoly on math.

In the tumultuous days after the Snowden revelations there were various committees and taskforces created to propose reforms. Even a review group made of top former White House and national security insiders proposed extensive structural reforms to how surveillance operated and how it was overseen. Neither the administration nor Congress meaningfully implemented any of these reforms.

Apple’s technology is a response to users’ thirst for technology that can secure their privacy and autonomy in a world where they cannot trust any institutions, whether government or market.

It is therefore the vital national security interest of the US that we build an institutional system of robust accountability and oversight for surveillance and investigation powers. We need meaningful restrictions on collection and use of data; we need genuinely independent review, with complete access to necessary information and a technically proficient capacity to exercise review.

Perhaps most importantly, we need to end the culture of impunity that protects people who run illegal programs and continue to thrive in their careers after they are exposed, but vindictively pursues the whistleblowers who expose that illegality.

Only such a system, that offers transparently meaningful oversight and real consequences for those who violate our trust, has any chance of being trustworthy enough to remove the persistent global demand for platforms that preserve user privacy and security even at the expense of weakening the capabilities of their policing and national security agencies.

Apple’s case is not about freedom versus security; it is about trustworthy institutions or trust-independent technology. We cannot solve it by steamrolling the technology in service of untrusted institutions.

Bron: www.theguardian.com

quote:

WikiLeaks: NSA luisterde telefoontjes tussen Merkel en Ban Ki-moon af

quote:

De Amerikaanse inlichtingendienst NSA heeft in 2008 naar verluidt telefoongesprekken tussen de Duitse bondskanselier Angela Merkel en secretaris-generaal van de Verenigde Naties Ban Ki-moon afgeluisterd. Dit blijkt uit de meest recente onthullingen op de klokkenluiderwebsite WikiLeaks.

quote:

Italy summons American ambassador to ​clarify reports NSA spied on Berlusconi | World news | The Guardian

John Phillips summoned to Rome following accusations that the US National Security Agency spied on the former prime minister and his close associates

The Italian government has summoned the American ambassador to Rome following accusations that the US National Security Agency spied on former prime minister Silvio Berlusconi and some of his close associates in 2011, at the height of the eurozone crisis.

The Italian foreign ministry said in a statement that it has summoned the US ambassador, John Phillips, for “clarification” about the reports, but declined to elaborate on who Phillips met and whether the accusations of wiretapping were addressed.

A report in L’Espresso, the Italian news magazine, said that WikiLeaks documents had revealed that the NSA – the US government agency whose mass surveillance programme in the US was revealed by Edward Snowden – had spied on Berlusconi and some of his associates as the Italian economy was heading into freefall, and as the former conservative premier was facing allegations about his “Bunga Bunga” sex parties.

Citing WikiLeaks documents, the report states that Berlusconi, as well as his “trusted personal adviser” Valentino Valentini, national security adviser Bruno Archi, Marco Carnelos, a diplomatic adviser, and the permanent representative of Italy to Nato, Stefano Stefanini, were all targeted.

The US was allegedly concerned with Berlusconi’s relationship with the Russian president, Vladimir Putin. Earlier WikiLeaks cables dating back to 2009 portrayed Valentini as a shadowy figure who looked after Berlusconi’s interests in Russia and quoted US contacts within Berlusconi’s party and the Democratic party – which is currently in power – as believing that Berlusconi was profiting personally from energy deals between Italy and Russia

The report suggested that the new revelations “reopen the case” about why Berlusconi ultimately stepped down, but it did not make any direct allegations in connection to the WikiLeaks documents. Berlusconi’s resignation led to the ascent of Mario Monti’s government, who was followed by prime minister Enrico Letta, and, finally, the current premier, Matteo Renzi.

The report said that the NSA also intercepted a phone conversation between Berlusconi and the Israeli leader, Binyamin Netanyahu, in March 2010, in a period of crisis between Israel and the US, after Netanyahu announced Israel planned to build 1,600 homes in East Jerusalem. In the conversation, Netanyahu allegedly said tensions between Israel and the US could only be heightened by the absence of direct contacts with Barack Obama, the US president. In response, Berlusconi promised to help mend ties with Washington.

The US embassy did not respond to a request for comment. The news comes one day after a report in the Wall Street Journal revealed that Italy has agreed to allow the US to use the American and Nato naval air base in Sicily to launch armed drones in defensive attacks against Isis in northern Africa. The breakthrough came after a year of negotiations between the countries, with Italy reportedly blocking a request by the US to use the Sicilian base to launch potential offensive attacks.

The decision to summon the ambassador was not entirely unprecedented. When the German chancellor, Angela Merkel, learned that the NSA had spied on her, she rang up Obama directly and the issue strained the relationship between Germany and the US.

Ambassador Phillips was confirmed by the Senate in August 2013. On the US embassy website, it says the former Washington attorney played a “significant role” in the creation of a whistleblower reward programme designed to encourage private citizens to expose and detect defence contractor fraud. He is married to Linda Douglass, who served as communications director for the White House effort to pass healthcare reform.

Bron: www.theguardian.com

quote:

Obama Administration Set to Expand Sharing of Data That N.S.A. Intercepts

WASHINGTON — The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other American intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations.

The change would relax longstanding restrictions on access to the contents of the phone calls and email the security agency vacuums up around the world, including bulk collection of satellite transmissions, communications between foreigners as they cross network switches in the United States, and messages acquired overseas or provided by allies.
Continue reading the main story
Related Coverage

N.S.A. Gets Less Web Data Than Believed, Report SuggestsFEB. 16, 2016
Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. BorderJUNE 4, 2015
After Paris Attacks, C.I.A. Director Rekindles Debate Over SurveillanceNOV. 16, 2015
File Says N.S.A. Found Way to Replace Email ProgramNOV. 19, 2015
Judge Deals a Blow to N.S.A. Data Collection ProgramNOV. 9, 2015

The idea is to let more experts across American intelligence gain direct access to unprocessed information, increasing the chances that they will recognize any possible nuggets of value. That also means more officials will be looking at private messages — not only foreigners’ phone calls and emails that have not yet had irrelevant personal information screened out, but also communications to, from, or about Americans that the N.S.A.’s foreign intelligence programs swept in incidentally.

Civil liberties advocates criticized the change, arguing that it will weaken privacy protections. They said the government should disclose how much American content the N.S.A. collects incidentally — which agency officials have said is hard to measure — and let the public debate what the rules should be for handling that information.

“Before we allow them to spread that information further in the government, we need to have a serious conversation about how to protect Americans’ information,” said Alexander Abdo, an American Civil Liberties Union lawyer.

Robert S. Litt, the general counsel in the office of the Director of National Intelligence, said that the administration had developed and was fine-tuning what is now a 21-page draft set of procedures to permit the sharing.

The goal for the final rules, Brian P. Hale, a spokesman for the office, said in a statement, is “to ensure that they protect privacy, civil liberties and constitutional rights while enabling the sharing of information that is important to protect national security.”

Until now, National Security Agency analysts have filtered the surveillance information for the rest of the government. They search and evaluate the information and pass only the portions of phone calls or email that they decide is pertinent on to colleagues at the Central Intelligence Agency, the Federal Bureau of Investigation and other agencies. And before doing so, the N.S.A. takes steps to mask the names and any irrelevant information about innocent Americans.

The new system would permit analysts at other intelligence agencies to obtain direct access to raw information from the N.S.A.’s surveillance to evaluate for themselves. If they pull out phone calls or email to use for their own agency’s work, they would apply the privacy protections masking innocent Americans’ information — a process known as “minimization” — at that stage, Mr. Litt said.

Executive branch officials have been developing the new framework and system for years. President George W. Bush set the change in motion through a little-noticed line in a 2008 executive order, and the Obama administration has been quietly developing a framework for how to carry it out since taking office in 2009.

The executive branch can change its own rules without going to Congress or a judge for permission because the data comes from surveillance methods that lawmakers did not include in the main law that governs national security wiretapping, the Foreign Intelligence Surveillance Act, or FISA.

FISA covers a narrow band of surveillance: the collection of domestic or international communications from a wire on American soil, leaving most of what the N.S.A. does uncovered. In the absence of statutory regulation, the agency’s other surveillance programs are governed by rules the White House sets under a Reagan-era directive called Executive Order 12333.

Mr. Litt declined to make available a copy of the current draft of the proposed procedures.

“Once these procedures are final and approved, they will be made public to the extent consistent with national security,” Mr. Hale said. “It would be premature to draw conclusions about what the procedures will provide or authorize until they are finalized.”

Among the things they would not address is what the draft rules say about searching the raw data using names or keywords intended to bring up Americans’ phone calls or email that the security agency gathered “incidentally” under the 12333 surveillance programs — including whether F.B.I. agents may do so when working on ordinary criminal investigations.

Under current rules for data gathered under a parallel program — the no-warrant surveillance program governed by the FISA Amendments Act — N.S.A. and C.I.A. officials may search for Americans’ information only if their purpose is to find foreign intelligence, but F.B.I. agents may conduct such a search for intelligence or law enforcement purposes. Some lawmakers have proposed requiring the government to obtain a warrant before conducting such a search.

In 2013, The Washington Post reported, based on documents leaked by the former intelligence contractor Edward J. Snowden, that the N.S.A. and its British counterpart, Government Communications Headquarters, had tapped into links connecting Google’s and Yahoo’s data centers overseas and that the American spy agency had collected millions of records a day from them. The companies have since taken steps to encrypt those links.

That collection occurred under 12333 rules, which had long prohibited the N.S.A. from sharing raw information gathered from the surveillance it governed with other members of the intelligence community before minimization. The same rule had also long applied to sharing information gathered with FISA wiretaps.

But after the attacks of Sept. 11, 2001, the Bush administration began an effort to tear down barriers that impeded different parts of the government from working closely and sharing information, especially about terrorism.

In 2002, for example, it won permission, then secret, from the intelligence court permitting the C.I.A., the F.B.I. and the N.S.A. to share raw FISA wiretap information. The government did not disclose that change, which was first reported in a 2014 New York Times article based on documents disclosed by Mr. Snowden.

In August 2008, Mr. Bush change d 12333 to permit the N.S.A. to share unevaluated surveillance information with other intelligence agencies once procedures were developed.

Intelligence officials began working in 2009 on how the technical system and rules would work, Mr. Litt said, eventually consulting the Defense and Justice Departments. This month, the administration briefed the Privacy and Civil Liberties Oversight Board, an independent five-member watchdog panel, seeking input. Before they go into effect, they must be approved by James R. Clapper, the intelligence director; Loretta E. Lynch, the attorney general; and Ashton B. Carter, the defense secretary.

“We would like it to be completed sooner rather than later,” Mr. Litt said. “Our expectation is months rather than weeks or years.”

quote:

Privacy Shield: dit houdt de datadeal tussen EU-VS in - rtlz.nl

Twee jaar werkten Europa en de Verenigde Staten aan een opvolger voor Safe Harbor, de afspraak waarmee Amerikaanse bedrijven data van Europeanen mochten verwerken en opslaan. Het Europees Hof verklaarde Safe Harbor vorig jaar ongeldig, nadat klokkenluider Edward Snowden de spionagepraktijken van de Amerikaanse geheime dienst NSA openbaarde.

Amerikaanse bedrijven raakten toen in paniek, omdat zij wettelijk gezien geen data van Europese gebruikers in de VS mochten verwerken. Met het Privacy Shield wordt dit weer mogelijk, maar zowel de Amerikaanse overheid als Amerikaanse bedrijven moeten zich voortaan aan striktere regels houden.

Dit is nieuw in Privacy Shield:

1. Amerikaanse bedrijven moeten zich registeren voor deelname aan het Privacy Shield
Dit klinkt een beetje als Safe Harbor 2.0: bedrijven moeten schriftelijk aantonen dat zij de privacy van Europese burgers waarborgen. Dat gebeurt elk jaar. Het Amerikaanse ministerie van Economische Zaken houdt er toezicht op dat bedrijven zich houden aan het Privacy Shield, en het zorgt voor een up-to-date lijst met aangesloten bedrijven. Als bedrijven zich toch niet aan het Privacy Shield houden, dan volgen er sancties.

In het Privacy Shield staat onder andere dat bedrijven data van Europese burgers alleen mogen verwerken voor 'gelimiteerde en gespecificeerde doeleinden' en dat individuen daarmee expliciet in moet stemmen. Ook moeten de data veilig worden opgeslagen zodat niet jan en alleman bij de data kan.

2. De Amerikaanse geheime dienst mag niet zomaar Europese burgers bespioneren
De Europese Commissie is tevreden met de schriftelijke garanties van de VS dat de Amerikaanse geheime dienst data van Europese burgers alleen aftapt als daar noodzaak voor is. Er zijn volgens de Europese Commissie 'duidelijke beperkingen, waarborgen en toezichtmechanismen' ingesteld voor spionage door de NSA.

Ook wordt er een onafhankelijke ombudsman in de VS aangesteld die klachten over de spionagepraktijken van de NSA behandelt. Hier kunnen Europese burgers met hun klachten terecht. Ook worden de praktijken van de geheime dienst elk jaar door de Europese Commissie opnieuw onder de loep genomen.

3. Amerikaanse bedrijven moeten klachten binnen 45 dagen in behandeling nemen
Als je een klacht indient bij een Amerikaans bedrijf over het verwerken van jouw data, moet de klacht binnen 45 dagen in behandeling worden genomen. Je kunt als gebruiker een klacht bij het bedrijf indienen of aankloppen bij de Nederlandse privacywaakhond Autoriteit Persoonsgegevens. Daarnaast krijgt het Privacy Shield een tool waarmee Europese burgers klachten over Amerikaanse bedrijven kunnen indienen. Ook wordt er een speciaal Europees panel opgericht dat dergelijke klachten in behandeling kan nemen.

4. Elk jaar wordt het Privacy Shield opnieuw beoordeeld
Het Privacy Shield wordt elk jaar door de Europese Commissie en het Amerikaanse ministerie van Economische Zaken opnieuw beoordeeld. Bij deze beoordeling worden ook de spionagepraktijken van de NSA meegenomen - en of de geheime dienst niet over de schreef is gegaan. Dat gebeurt onder andere met transparantierapporten van bedrijven, die publiceren hoe vaak ze door een overheid zijn benaderd om gegevens over te dragen.

'Een varken met tien lagen lippenstift'
Andrus Ansip, vicepresident van de Europese Commissie, is blij met de details van het Privacy Shield: "We blijven werken om het vertrouwen in de online wereld te versterken. Vertrouwen is een must, en dat wat onze digitale toekomst zal aandrijven."

Maar vertrouwen is volgens critici niet genoeg om de privacy van Europese burgers te beschermen. "De EU en VS proberen zo'n tien lagen lippenstift op een varken te smeren, maar de kernproblemen zijn duidelijk niet opgelost", schrijft Max Schrems (pdf). De Oostenrijker zorgde er met een rechtszaak tegen Facebook voor dat Safe Harbor werd afgeschaft. Schrems vindt dat zijn data op de Amerikaanse servers van Facebook niet veilig zijn, en het Europees Hof stelde hem in het gelijk.

Schrems: "De Europese Commissie claimt dat er geen 'bulkspionage' meer plaatsvindt, maar de documenten zeggen juist het tegenovergestelde." Hij doelt op een passage in het Privacy Shield, waarmee het in bulk verzamelen van data van Europese burgers door de NSA alleen is toegestaan onder zes specifieke voorwaarden, zoals omwille van counterterrorisme en cybersecurity.

Volgens Schrems zijn er genoeg mensen die met het Privacy Shield weer naar het Europees Hof stappen om de legaliteit van de afspraak te beproeven: "En ik kan zeker één van die mensen zijn."

De Autoriteit Persoonsgegevens komt vandaag met een officiële reactie op het Privacy Shield. De Nederlandse privacywaakhond moet, in samenwerking met de Artikel 29-werkgroep die bestaat uit de Europese privacytoezichthouders, nog zijn officiële goedkeuring geven.

Bron: www.rtlz.nl

quote:

Snooper's charter: wider police powers to hack phones and access web history | World news | The Guardian

Latest version of investigatory powers bill will allow police to hack people’s computers and view browsing history


Powers for the police to access everyone’s web browsing histories and to hack into phones are to be expanded under the latest version of the snooper’s charter legislation.

The extension of police powers contained in the investigatory powers bill published on Tuesday indicates the determination of the home secretary, Theresa May, to get her legislation on to the statute book by the end of this year despite sweeping criticism by three separate parliamentary committees in the past month.

Related: Technology firms' hopes dashed by 'cosmetic tweaks' to snooper's charter

The bill is designed to provide the first comprehensive legal framework for state surveillance powers anywhere in the world. It has been developed in response to the disclosure of state mass surveillance programmes by the whistleblower Edward Snowden. The government hopes it will win the backing of MPs by the summer and by the House of Lords this autumn.

May said the latest version reflected the majority of the 122 recommendations made by MPs and peers, including strengthening safeguards, enhancing privacy protections and bolstering oversight arrangements.

She has, in particular, made changes to meet concerns within the technology industry that the surveillance law would undermine encryption. The latest draft makes clear that the government will take a pragmatic approach, and no company will be required to remove encryption of its own services if it is not technically feasible. The likely costs involved will also be taken into account.

But the publication of the detailed bill has also revealed that, far from climbing down over her proposals, May intends to expand the scope of its most controversial new powers – the collection and storage for 12 months of everyone’s web browsing history, known as internet connection records – and state powers to hack into computers and smartphones.

The bill will now allow police to access all web browsing records in specific crime investigations, beyond the illegal websites and communications services specified in the original draft bill.

It will extend the use of state remote computer hacking from the security services to the police in cases involving a “threat to life” or missing persons. This can include cases involving “damage to somebody’s mental health”, but will be restricted to use by the National Crime Agency and a small number of major police forces.

Four hours after the bill’s publication the Home Office issued a highly unusual “clarification” claiming that its official response published on Tuesday listing the powers to allow the police to use computer and phone hacking as a “key change” was because they had been missed out from the draft bill.

“Documents published alongside the bill today describe the position as having changed as it was not referenced in the draft bill. However it reflects current police practice. The fact that it was not included in the draft bill was an omission that is being corrected in the final bill.”

The Home Office said the hacking powers dated from the 1997 Police Act and would most likely only be used in “exceptional circumstances” such as finding missing people. They would require a “double-lock” warrant with ministerial authorisation and judicial approval.

However evidence given to the scrutiny committee by the head of the Metropolitan police technical unit, Det Supt Paul Hudson, said such hacking powers were used “in the majority of serious crime cases” but refused to give further details in a public forum.

He described it as a “covert activity so nothing that we do under equipment interference would cause any damage or leave any trace, otherwise it would not remain covert for very long”. His colleague said they could provide MPs and peers with data on its use but it was “very confidential” and would have to remain unpublished.

Hudson acknowledged that the technology has long moved on since 1997. Legalised hacking now allows a third party to take remote control of a phone’s camera or microphone to record video and conversations taking place.

The Home Office’s claim that the legalised hacking powers had been missed out of the original draft bill and so escaped the process of pre-legislative scrutiny was greeted with scepticism by at least one member of the scrutiny committee.

The expansion of police powers to access web browsing history as part of their investigations follows pressure from the police, and the use of these powers does not need the “double-lock” ministerial authorisation.

The home secretary told MPs she had rejected the committees’ recommendations to exclude the use of state surveillance powers for the “economic wellbeing” of the UK. She also resisted their demand to scrap warrants allowing GCHQ to undertake bulk computer hacking, describing them as a “key operational requirement”.

May also underlined the “vital part” played by the security agencies’ “bulk powers” – the mass collection and storage of everyone’s communications data in Britain and the bulk interception of the content of communications of those based overseas to acquire intelligence.

The Home Office has made detailed tweaks to the original draft of the bill, including stronger protections for journalists and lawyers, six codes of practice setting out how the powers will be used, and the use of a “double-lock” authorisation of the most intrusive surveillance methods by a minister backed by the approval of a judicial commissioner.

The Home Office has acknowledged that the initial costing of the bill, at around £247m, is not set, and a final figure will be published after detailed consultations with industry.

Related: Home Office to publish revised draft of snooper's charter

May said: “This is vital legislation and we are determined to get it right. The revised bill we introduced today reflects the majority of the committees’ recommendations – we have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements – and will now be examined by parliament before passing into law by the end of 2016.

“Terrorists and criminals are operating online and we need to ensure the police and security services can keep pace with the modern world and continue to protect the British public from the many serious threats we face.”

As part of the pre-legislative process, the bill was examined by a draft scrutiny committee, the intelligence and security committee and the science and technology committee.

The MPs and peers called for a fundamental rewrite of the draft bill, with the ISC calling for privacy safeguards to be made the backbone of the legislation and the draft scrutiny committee saying the case had not yet been made for the introduction of new powers to store and access everyone’s web browsing history.

Eric King, director of the Don’t Spy On Us coalition, which includes Liberty, Privacy International and other privacy and digital rights groups, called for a rethink of the bill.

“Rather than a full redraft, we’ve been given cosmetic tweaks to a heavily criticised, deeply intrusive bill,” he said. “Reshuffling safeguards without meaningfully improving protections, authorisations or oversight does nothing to address widespread concerns about mass surveillance. The unsettling absence of a robust, technical, detailed evaluation of those bulk powers means the case still hasn’t been made, and parliament won’t have the information it needs to do its job.

“There simply isn’t time for proper scrutiny of all these powers in the time frame proposed. More than 100 experts called on the Home Office to put on the brakes. The government must think again.”

Shami Chakrabarti, director of Liberty, said: “Less than three weeks ago MPs advised 123 changes to the majorly flawed draft bill. The powers were too broad, safeguards too few and crucial investigatory powers entirely missing.

“Minor Botox has not fixed this bill. Government must return to the drawing board and give this vital, complex task appropriate time. Anything else would show dangerous contempt for parliament, democracy and our country’s security.”

Related: The Guardian view on surveillance: keep a vigilant eye on the snoopers | Editorial

Lord Strasburger, a Liberal Democrat member of the scrutiny committee on the draft bill, said nothing had changed since the committee published its report three weeks ago: “The Home Office just doesn’t do privacy. It does security and ever more intrusive powers they claim will make us safer, but not privacy. The fact that they see simply changing the name of one section to include the word ‘privacy’ as addressing the fundamental concerns about privacy protections in this bill is breath-taking,” he said.

“The speed with which the home secretary is trying to force this bill through parliament shows no respect to the joint committee and ISC who worked so hard to give them workable solutions to problems in the draft bill, to parliament, or to the British people.”
Bron: www.theguardian.com

quote:

Marechaussee onderzocht afgelopen jaar flink meer telefoons | NOS

Het afgelopen jaar heeft de Koninklijke Marechaussee een recordaantal telefoons en simkaarten onderzocht. Dat blijkt uit een WOB-verzoek (.pdf) van Freedom Inc, een organisatie die zich inzet voor de rechten van burgers.

In totaal werden 3387 telefoonchecks uitgevoerd, anderhalf keer zoveel als vorig jaar. In 2008 werden er slechts 900 checks uitgevoerd.

"Het gaat om de telefoons van mensen die we verdenken van een strafbaar feit", zegt woordvoerder Alfred Ellwanger. "Dat kan het bijvoorbeeld gaan om drugssmokkel, mensensmokkel of terrorisme. Daarnaast checken we telefoons van vreemdelingen die Nederland binnen komen, als we vermoeden dat ze door mensensmokkelaars zijn binnengebracht."

Speciale teams onderzoeken vervolgens de telefoons. "Ze kunnen nummers van mensensmokkelaars achterhalen, maar ook sms’jes of WhatsApp-berichten. Alle informatie op zo’n telefoon kan van belang zijn."

De stijging komt volgens de marechaussee doordat er op gebied van mensensmokkel meer verdachten zijn aangehouden. Verder ziet de dienst een relatie met de toename van het aantal vluchtelingen. De marechaussee benadrukt dat ze niet aan de telefoons van normale reizigers komen.

Bron: nos.nl

quote:

It Took a FOIA Lawsuit to Uncover How the Obama Administration Killed FOIA Reform

quote:

The Obama administration has long called itself the most transparent administration in history. But newly released Department of Justice (DOJ) documents show that the White House has actually worked aggressively behind the scenes to scuttle congressional reforms designed to give the public better access to information possessed by the federal government.

The documents were obtained by the Freedom of the Press Foundation, a nonprofit organization that supports journalism in the public interest, which in turn shared them exclusively with VICE News. They were obtained using the Freedom of Information Act (FOIA) — the same law Congress was attempting to reform. The group sued the DOJ last December after its FOIA requests went unanswered for more than a year.

The documents confirm longstanding suspicions about the administration's meddling, and lay bare for the first time how it worked to undermine FOIA reform bills that received overwhelming bipartisan support and were unanimously passed by both the House and Senate in 2014 — yet were never put up for a final vote.

Moreover, a separate set of documents obtained by VICE News in response to a nearly two-year-old FOIA request provides new insight into how the Securities and Exchange Commission and the Federal Trade Commission (FTC) also tried to disrupt Congress's FOIA reform efforts, which would have required those agencies to be far more transparent when responding to records requests.

The disclosures surface days before Sunshine Week, an annual celebration of open government, and a renewed effort by the House and Senate to improve the FOIA by enacting the very same reforms contained in the earlier House and Senate bills — the seventh attempt in at least 10 years by lawmakers to amend the transparency law. But the administration is again working to derail the legislation, according to congressional staffers.

The FOIA Oversight and Implementation Act of 2014, co-sponsored by then–House Oversight and Government Reform Committee Chairman Darrell Issa and ranking member Elijah Cummings, would have codified into law Obama's presidential memorandum, signed on his first day in office in 2009, that instructed all government agencies to "adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open Government." (Attorney General Eric Holder issued a set of guidelines to federal agencies a couple of months later that explained how the presumption of disclosure should be implemented.)

Additionally, the legislation called for the implementation of a centralized online portal, overseen by the Office of Management and Budget (OMB), to handle all FOIA requests and required government agencies to update their FOIA regulations. The bill unanimously passed by a vote of 410-0, one of the few pieces of legislation during President Barack Obama's tenure to receive bipartisan support.

Related: There Are 1,800 Reasons Why the Controversy Over Hillary Clinton's Emails Is Far From Over

But the administration "strongly opposed passage" of the House bill and opposed nearly every provision that would have made it easier for journalists, historians, and the public to access government records. The White House claimed it would increase the FOIA backlog, result in astronomical costs, and cause unforeseen problems with processing requests, according to a secret six-page DOJ set of talking points turned over to the Freedom of the Press Foundation along with 100 pages of internal DOJ emails about the FOIA bill.

"The Administration views [the House bill] as an attempt to impose on the Executive Branch multiple administrative requirements concerning its internal management of FOIA administration, which are not appropriate for legislative intervention and would substantially increase costs and cause delays in FOIA processing," the talking points say. "The Administration believes that the changes… are not necessary and, in many respects, will undermine the successes achieved to date by diverting scarce processing resources."

quote:

Notably, the DOJ's talking points also shed light on the ongoing turf war between the Office of Information Policy and the independent Office of Government Information Services (OGIS), also known as the FOIA ombuds office, which provides requesters with mediation services. Congressional efforts to expand OGIS's role, as cited in the bill, were interpreted by DOJ to be an encroachment on its powers. The DOJ went so far as to claim that empowering another agency to improve FOIA administration was unconstitutional.

quote:

But everything died in the House in December 2014 after then-Speaker John Boehner failed to bring up the final version for a vote. Rumors soon began to surface that the DOJ, the SEC, and the FTC, prodded by banking lobbyists, worked behind the scenes and lobbied lawmakers not to bring the legislation up for a vote. The DOJ used the same talking points to sound alarm bells about the Senate bill.

quote:

UK setting bad example on surveillance, says UN privacy chief | World news | The Guardian

Special rapporteur Joseph Cannataci says Britain should be oulawing bulk data collection rather than legitimising it

Special rapporteur Joseph Cannataci says Britain should be oulawing bulk data collection rather than legitimising it

The UK is setting a bad example to the rest of the world with proposed changes to the law on surveillance, the United Nations special rapporteur on privacy has said.

The criticism by rapporteur Joseph Cannataci is made in a report presented to the UN Human Rights Council. The report deals with privacy concerns worldwide but Cannataci, concerned about developments in the UK, has devoted a section to the British bill.

He says the British government has failed to recognise the consequences of legitimising bulk data collection or mass surveillance. Instead of legitimising it, the government should be outlawing it, he says.

MPs are scheduled to vote on the second reading of the investigatory powers bill next week. The bill is in part a response to the revelations of whistleblower Edward Snowden in 2013 about the scale of bulk data collection by intelligence agencies in the UK and US.

The bill enshrines in law a host of surveillance powers the intelligence services had kept largely hidden from the public for the last two decades, including computer hacking. In contrast with the US, which last year banned bulk data phone collection, the UK is keeping all its surveillance powers.

Cannataci, in the report, expresses serious concern and calls on MPs to use their influence to ensure “that disproportionate, privacy-intrusive measures such as bulk surveillance and bulk hacking as contemplated in the investigatory powers bill be outlawed rather an legitimised.”

He notes the influence the UK has over the commonwealth and calls on it to step back from taking disproportionate measures which could have “negative ramifications beyond the shores of the United Kingdom”.

He also urges the UK to show greater commitment to privacy and “to desist from setting a bad example to other states by continuing to propose measures, especially bulk interception and bulk hacking” which run counter to recent European court judgments and “undermine the spirit of the very right to privacy”.

Jim Killock, executive director of the Open Rights Group, welcomed the report and described the bill as deeply flawed.

“The special rapporteur’s report is yet another damning criticism of the investigatory powers bill. Not only does it call for the disproportionate powers in the bill to be outlawed rather than legitimised, it points out that the bill does not comply with recent human rights rulings, which means it could be open to legal challenges.

“The report voices another serious concern – that the impact of this extreme legislation will be felt around the world, and copied by other countries.”

Bron: www.theguardian.com

quote:

Als het aan Obama ligt, mag de FBI z'n gang gaan - rtlz.nl

President Obama liet het eerder al doorschemeren, maar nu zegt hij ook het terwijl de hele techwereld toekijkt.

"Als jouw argument is dat sterke encryptie boven alles gaat, en dat we in feite black boxes zullen creëren. Dat komt volgens mij niet overeen met de soort van balans waarin we al zo'n 200 tot 300 jaar leven." Was getekend Obama, afgelopen nacht op de tech- en muziekconferentie SXSW. Met andere woorden: de FBI moet in sommige gevallen bij je spullen kunnen. "Het fetisjeert onze telefoons boven elke andere waarde. Dat kan niet het goede antwoord zijn."

Apple versus FBI
Obama weigerde in te gaan op de zaak van de FBI tegen Apple, maar aan zijn antwoorden was wel af te leiden aan welke kant hij staat. Verder dreigde hij dat als de techwereld niet een manier vindt om de wet te dienen, dat dit juist zou kunnen leiden tot minder encryptie. "Als de tech-community zich zo blijft verzetten en er gebeurt iets echt ergs, dan zal de politiek terugslaan en slordig en gehaast worden."

Dus als de techwereld een vorm van encryptie wil bewaren, moet het maar eens starten met het tonen van goede wil. Bekijk het interview met Obama (vanaf minuut 41:21).

Bron: www.rtlz.nl

quote:

In the Apple Case, a Debate Over Data Hits Home

quote:

WASHINGTON — Three years ago, reeling from Edward J. Snowden’s disclosure of the government’s vast surveillance programs and uncertain how to respond, President Obama said he welcomed a vigorous public debate about the wrenching trade-offs between safeguarding personal privacy and tracking down potential terrorists.

“It’s healthy for our democracy,” he told reporters at the time. “I think it’s a sign of maturity.”

But the national debate touched off this winter by the confrontation between the Justice Department and Apple over smartphone security is not exactly the one Mr. Obama had in mind.

Mr. Snowden’s revelations produced modest changes and a heightened suspicion of the government’s activities in cyberspace. Because the issue now centers on a device most Americans carry in their pockets, it is concrete and personal in a way that surveillance by the National Security Agency never was.

The trade-offs seem particularly stark because they have been framed around a simple question: Should Apple help the F.B.I. hack into an iPhone used by a gunman in the massacre last December in San Bernardino, Calif.?

Law enforcement officials have been adamant they must be able to monitor the communications of criminals. They received a vote of confidence from Mr. Obama on Friday, when he said the “absolutist” position taken by companies like Apple is wrong. But the pushback has been enormous.

In the month since a judge ordered Apple to comply with the F.B.I., the debate has jumped from the tech blogs to the front pages of daily newspapers and nightly newscasts. Supporters of the company’s position have held rallies nationwide. Late-night comedians have lampooned government snoopers. Timothy D. Cook, the usually publicity-shy Apple chief executive, pleaded his case on “60 Minutes” last December. On Twitter, “#encryption” fills the screen with impassioned debate on both sides.

“Discussing the case with my friends has become a touchy subject,” said Matthew Montoya, 19, a computer science major at the University of Texas, El Paso. “We’re a political bunch with views from all across the spectrum.”

Like many of her friends, Emi Kane, a community organizer in Oakland, Calif., recently found herself arguing via Facebook with a family friend about the case. Ms. Kane thought Apple was right to refuse to hack the phone; her friend, a waitress in Delaware, said she was disgusted by Apple’s lack of patriotism.

After exchanging several terse messages, they agreed to disagree. “It was a hard conversation,” Ms. Kane said.

The novelist Russell Banks, who signed a letter to Attorney General Loretta Lynch on behalf of Apple, said he had spoken with more than a dozen people about the case just in the last week.

“It’s not just people in the tech industry talking about this,” Mr. Banks, the author of “Affliction” and “The Sweet Hereafter,” said. “It’s citizens like myself.”

That may be because the Apple case involves a device whose least interesting feature is the phone itself. It is a minicomputer stuffed with every detail of a person’s life: photos of children, credit card purchases, texts with spouses (and nonspouses), and records of physical movements.

Mr. Obama warned Friday against “fetishizing our phones above every other value.” After avoiding taking a position for months, he finally came down on the side of law enforcement, saying that using technology to prevent legal searches of smartphones was the equivalent of preventing the police from searching a house for evidence of child pornography.

“That can’t be the right answer,” he said at the South by Southwest festival in Texas, even as he professed deep appreciation for civil liberties and predicted both sides would find a way to cooperate. “I’m confident this is something that we can solve.”

But polls suggest the public is nowhere near as certain as Mr. Obama. In surveys, Americans are deeply divided about the legal struggle between the government and one of the nation’s most iconic companies. The polls show that Americans remain anxious about both the threat of terrorist attacks and the possible theft of personal digital information.

A Wall Street Journal/NBC News survey released last week found that 42 percent of Americans believed Apple should cooperate with law enforcement officials to help them gain access to the locked phone, while 47 percent said Apple should not cooperate. Asked to weigh the need to monitor terrorists against the threat of violating privacy rights, the country was almost equally split, the survey found.

That finding may have seemed unlikely in the wake of terrorist attacks last year in Paris and San Bernardino. In December, eight in 10 people said in a New York Times/CBS News survey that it was somewhat or very likely that there would be a terrorist attack in the United States in the coming months. A CNN poll the same month found that 45 percent of Americans were somewhat or very worried that they or someone in their family would become a victim of terrorism.

But despite the fears about terrorism, the public’s concern about digital privacy is nearly universal. A Pew Research poll in 2014 found more than 90 percent of those surveyed felt that consumers had lost control over how their personal information was collected and used by companies.

The Apple case already seems to have garnered more public attention than the Snowden revelations about “metadata collection” and programs with code names like Prism and XKeyscore. The comedian John Oliver once mocked average Americans for failing to know whether Mr. Snowden was the WikiLeaks guy or the former N.S.A. contractor (he was the latter).

Now, people are beginning to understand that their smartphones are just the beginning. Smart televisions, Google cars, Nest thermostats and web-enabled Barbie dolls are next. The resolution of the legal fight between Apple and the government may help decide whether the information in those devices is really private, or whether the F.B.I. and the N.S.A. are entering a golden age of surveillance in which they have far more data available than they could have imagined 20 years ago.

“It’s an in-your-face proposition for lots more Americans than the Snowden revelation was,” said Lee Rainie, director of Internet, science and technology research at Pew Research Center.

Cindy Cohn, executive director of the Electronic Frontier Foundation, said: “Everyone gets at a really visceral level that you have a lot of really personal stuff on this device and if it gets stolen it’s really bad. They know that the same forces that work at trying to get access to sensitive stuff in the cloud are also at work attacking the phones.”

For the F.B.I. and local law enforcement agencies, the fight has become a high-stakes struggle to prevent what James B. Comey, the bureau’s director, calls “warrant-free zones” where criminals can hide evidence out of reach of the authorities.

Officials had hoped the Apple case involving a terrorist’s iPhone would rally the public behind what they see as the need to have some access to information on smartphones. But many in the administration have begun to suspect that the F.B.I. and the Justice Department may have made a major strategic error by pushing the case into the public consciousness.

Many senior officials say an open conflict between Silicon Valley and Washington is exactly what they have been trying to avoid, especially when the Pentagon and intelligence agencies are trying to woo technology companies to come back into the government’s fold, and join the fight against the Islamic State. But it appears it is too late to confine the discussion to the back rooms in Washington or Silicon Valley.

The fact that Apple is a major consumer company “takes the debate out of a very narrow environment — the universe of technologists and policy wonks — into the realm of consumers where barriers like the specific language of Washington or the technology industry begins to fall away,” said Malkia Cyril, the executive director of the Center for Media Justice, a grass-roots activist network.

That organization and other activist groups like Black Lives Matter have seized on the issue as important for their members. In February the civil liberties group Fight for the Future organized the day of protest against the government order that resulted in rallies in cities nationwide.

“When we heard the news and made a call for nationwide rallies, one happened in San Francisco that same day,” said Tiffiniy Cheng, co-founder of Fight for the Future. “Things like that almost never happen.”

Ms. Cyril says the public angst about the iPhone case feels more urgent than did the discussion about government surveillance three years ago.

“This is one of those moments that defines what’s next,” she said. “Will technology companies protect the privacy of their users or will they do work for the U.S. government? You can’t do both.”

quote:

Beveiligde e-maildienst ProtonMail nu voor iedereen te gebruiken

quote:

Na twee jaar heeft de beveiligde e-maildienst ProtonMail zijn deuren geopend. Iedereen kan een gratis account aanmaken.

E-mailverkeer is lastig te beveiligen, maar de Zwitserse start-up ProtonMail wil daar verandering in brengen. In 2014 haalde het bedrijf een half miljoen dollar op om een dienst te maken die net zo gemakkelijk is als Gmail, maar ook zo veilig is dat zelfs NSA-klokkenluider Edward Snowden het kan gebruiken. Nu opent ProtonMail voor iedereen zijn deuren.

End-to-end-encryptie
ProtonMail maakt gebruik van end-to-end-encryptie, waardoor de inhoud van een e-mail alleen voor de ontvanger is in te zien. Dit gebeurt automatisch bij e-mailtjes tussen ProtonMail-gebruikers, maar de functie is ook in te schakelen als je een e-mail stuurt naar bijvoorbeeld een Gmail-adres. De ontvanger wordt dan naar een pagina geleid waar degene een wachtwoord in moet vullen om de e-mail te lezen en te reageren. Het wachtwoord kan via een andere veilige verbinding worden gegeven, zoals de chat-app Signal.

Daarnaast versleutelt ProtonMail de inhoud van je inbox. Elke gebruiker logt in met een e-mailadres en wachtwoord, maar moet na het inloggen nog een extra wachtwoord invullen om toegang te krijgen tot de inbox. Alle e-mails, bijlages en informatie staan versleuteld op de servers van ProtonMail, en alleen jij hebt het wachtwoord om de versleuteling op te heffen.

Betaalde accounts
Iedereen kan bij ProtonMail een gratis account aanmaken, maar er is ook een optie voor twee betaalde varianten. De goedkoopste kost 5 euro per maand of 48 euro per jaar en biedt de optie om een eigen domein te gebruiken, zoals jouwnaam@jouwdomein.nl, en 5GB opslag. De duurste versie kost 30 euro per maand of 288 euro en biedt ondersteuning voor tien verschillende domeinnamen en 20GB opslag.

Naast het beschikbaar maken van de e-maildienst brengt ProtonMail ook officieel zijn Android- en iOS-app uit. De start-up groeit hard, want ProtonMail heeft inmiddels een miljoen gebruikers. Dat komt onder andere omdat de dienst prominent in beeld kwam tijdens de hackerserie Mr. Robot.

Voor iedereen toegankelijk maken
"ProtonMail is ontwikkeld om je te beschermen tegen massasurveillance", zei oprichter Andy Yen eerder in een gesprek met RTL Z. "Om dit te bewerkstelligen, is het belangrijk om encryptie voor iedereen toegankelijk en gemakkelijk in gebruik te maken."

"We zijn echt niet een e-maildienst voor iedereen, maar wel voor de grote groep mensen die het niet eens is met de massaspionage door overheden."

quote:

Na Brussel willen EU-ministers directe toegang tot data - rtlz.nl

Europese ministers willen een nieuwe wet waarmee inlichtingendiensten en politie direct toegang krijgen tot telecommunicatie en online data. Daarmee moeten terreurverdachten sneller worden opgespoord.

De Europese ministers van Veiligheid en Justitie zouden de eerste versie van de wet in juni van dit jaar presenteren. "In het licht van de gebeurtenissen (in Brussel) zijn we overtuigd dat het noodzakelijk is om [...] manieren te vinden om digitaal bewijs sneller en effectiever te verkrijgen en veilig te stellen", staat in de verklaring van de ministers na afloop.

Europese communicatiedienstverleners moeten volgens de conceptwet 'directe toegang' bieden aan wetshandhavingsinstanties. Dit betekent bijvoorbeeld dat een telecomprovider als KPN of Vodafone nauwer moeten samenwerken met de AIVD en politie om toegang te geven tot hun data. Daarnaast wil de EU ook het Midden-Oosten aansporen om hulp te bieden waar nodig.

Gezamenlijk platform
Naast directere toegang pleiten de Europese ministers voor een betere samenwerking tussen de inlichtingendiensten van Europese landen. Zo zouden alle inlichtingendiensten een gezamenlijk platform moeten krijgen waarmee ze direct data met elkaar kunnen delen.

Parijs
Na de aanslagen in Parijs stelde de Franse regering soortgelijke wetten voor. Naast Frankrijk is ook het Verenigd Koninkrijk voorstander voor verscherpte surveillancewetten.

In Nederland wordt er gewerkt aan twee nieuwe wetten waarmee de AIVD en politie meer bevoegdheden krijgen. De AIVD kan met de nieuwe surveillancewet op grotere schaal digitale informatie aftappen, de politie krijgt met het wetsvoorstel Wet Computercriminaliteit III de bevoegdheid om verdachten te hacken.

Bron: www.rtlz.nl

quote:

A Conversation on Privacy

quote:

The balance between national security and government intrusion on the rights of private citizens will be the topic of a panel discussion featuring renowned linguist and MIT professor Noam Chomsky, NSA whistleblower Edward Snowden, and Intercept co-founding editor Glenn Greenwald. Nuala O’Connor, president and CEO of the Center for Democracy and Technology, will act as moderator.

Chomsky and Greenwald will appear in person at the event, hosted in Tucson by the University of Arizona College of Behavioral Sciences, while Snowden will appear via videoconference.

The Intercept is streaming the event live on this page, and the conversation will be archived here in full.

quote:

Mass surveillance silences minority opinions, according to study

quote:

A new study shows that knowledge of government surveillance causes people to self-censor their dissenting opinions online. The research offers a sobering look at the oft-touted "democratizing" effect of social media and Internet access that bolsters minority opinion.

The study, published in Journalism and Mass Communication Quarterly, studied the effects of subtle reminders of mass surveillance on its subjects. The majority of participants reacted by suppressing opinions that they perceived to be in the minority. This research illustrates the silencing effect of participants’ dissenting opinions in the wake of widespread knowledge of government surveillance, as revealed by whistleblower Edward Snowden in 2013.

The “spiral of silence” is a well-researched phenomenon in which people suppress unpopular opinions to fit in and avoid social isolation. It has been looked at in the context of social media and the echo-chamber effect, in which we tailor our opinions to fit the online activity of our Facebook and Twitter friends. But this study adds a new layer by explicitly examining how government surveillance affects self-censorship.

Participants in the study were first surveyed about their political beliefs, personality traits and online activity, to create a psychological profile for each person. A random sample group was then subtly reminded of government surveillance, followed by everyone in the study being shown a neutral, fictional headline stating that U.S. airstrikes had targeted the Islamic State in Iraq. Subjects were then asked a series of questions about their attitudes toward the hypothetical news event, such as how they think most Americans would feel about it and whether they would publicly voice their opinion on the topic. The majority of those primed with surveillance information were less likely to speak out about their more nonconformist ideas, including those assessed as less likely to self-censor based on their psychological profile.

Elizabeth Stoycheff, lead researcher of the study and assistant professor at Wayne State University, is disturbed by her findings.

quote:

The most wanted man in the world

^{By James Banford}

quote:

I’ve had several occasions to stay at the Metropol during my three decades as an investigative journalist. I stayed here 20 years ago when I interviewed Victor Cherkashin, the senior KGB officer who oversaw American spies such as Aldrich Ames and Robert Hanssen. And I stayed here again in 1995, during the Russian war in Chechnya, when I met with Yuri Modin, the Soviet agent who ran Britain’s notorious Cambridge Five spy ring. When Snowden fled to Russia after stealing the largest cache of secrets in American history, some in Washington accused him of being another link in this chain of Russian agents. But as far as I can tell, it is a charge with no valid evidence.

I confess to feeling some kinship with Snowden. Like him, I was assigned to a National Security Agency unit in Hawaii—in my case, as part of three years of active duty in the Navy during the Vietnam War. Then, as a reservist in law school, I blew the whistle on the NSA when I stumbled across a program that involved illegally eavesdropping on US citizens. I testified about the program in a closed hearing before the Church Committee, the congressional investigation that led to sweeping reforms of US intelligence abuses in the 1970s. Finally, after graduation, I decided to write the first book about the NSA. At several points I was threatened with prosecution under the Espionage Act, the same 1917 law under which Snowden is charged (in my case those threats had no basis and were never carried out). Since then I have written two more books about the NSA, as well as numerous magazine articles (including two previous cover stories about the NSA for WIRED), book reviews, op-eds, and documentaries.

quote:

And there’s another prospect that further complicates matters: Some of the revelations attributed to Snowden may not in fact have come from him but from another leaker spilling secrets under Snowden’s name. Snowden himself adamantly refuses to address this possibility on the record. But independent of my visit to Snowden, I was given unrestricted access to his cache of documents in various locations. And going through this archive using a sophisticated digital search tool, I could not find some of the documents that have made their way into public view, leading me to conclude that there must be a second leaker somewhere. I’m not alone in reaching that conclusion. Both Greenwald and security expert Bruce Schneier—who have had extensive access to the cache—have publicly stated that they believe another whistle-blower is releasing secret documents to the media.

In fact, on the first day of my Moscow interview with Snowden, the German newsmagazine Der Spiegel comes out with a long story about the NSA’s operations in Germany and its cooperation with the German intelligence agency, BND. Among the documents the magazine releases is a top-secret “Memorandum of Agreement” between the NSA and the BND from 2002. “It is not from Snowden’s material,” the magazine notes.

Some have even raised doubts about whether the infamous revelation that the NSA was tapping German chancellor Angela Merkel’s cell phone, long attributed to Snowden, came from his trough. At the time of that revelation, Der Spiegel simply attributed the information to Snowden and other unnamed sources. If other leakers exist within the NSA, it would be more than another nightmare for the agency—it would underscore its inability to control its own information and might indicate that Snowden’s rogue protest of government overreach has inspired others within the intelligence community. “They still haven’t fixed their problems,” Snowden says. “They still have negligent auditing, they still have things going for a walk, and they have no idea where they’re coming from and they have no idea where they’re going. And if that’s the case, how can we as the public trust the NSA with all of our information, with all of our private records, the permanent record of our lives?”