Surveillance & Privacy

IN THE NEWS

July 2015 


 


In The Debate Over Strong Encryption, Security And Liberty Must Win

In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse forward secrecy design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.


For Arab Human Rights Defenders, Hacking Team Files Confirm Suspicions of State Surveillance

Human rights advocates across the Arab world are combing through the troves of data uncovered in last Sunday’s massive hack of the controversial Italian security and surveillance technology firm Hacking Team.


Why encryption back doors threaten human rights 

In recent years, pro-democracy and pro-human rights protesters from Egypt and Tunisia to Thailand and Hong Kong have used social media and mobile phones to organize and broadcast their message to fellow citizens and the world. But governments are ratcheting up their surveillance capabilities in response. Fear of heavy monitoring and the reprisals that can follow has led human rights activists to adopt services that support encryption. To them, encryption is a critical security tool to avoid being identified, arrested, harassed, or worse—merely for criticizing government policy.

The U.S. government supports Internet freedom abroad as a pillar of its human rights foreign policy. In recognition of the link between encryption and human rights, Congress has appropriated over $125 million to the State Department and US AID since 2008 to promote Internet freedom, including through programs that develop encryption tools and train activists on how to use them.

But the FBI has embarked on an aggressive campaign to convince the public that encryption built into our digital tools should be weakened in the name of countering terrorism. Yet it has failed to recognize the broad, though unintended, harm such an approach would bring to human rights activists worldwide.

Hacking Team leak: Dealings with UK police agencies, demo for Bangladeshi ‘death squad’

Hacking Team, an Italian firm which came under attack for selling hacking tools to governments with dubious human rights records, reportedly showed its spy technology to a security agency in Bangladesh dubbed by Human Rights Watch a “death squad.”

The leaked documents cited by the Intercept show that police agencies in the UK have also tested Hacking Team’s controversial technology, and have been attempting to purchase it for years. According to the leaked data, they have been hindered by “some concerns to do with legal authority” of the technology.


Bold Step on Privacy and Digital Rights

Political and diplomatic tussles over surveillance programs and digital hacking in the US, Germany, Brazil, China, and beyond show just how hard it is going to be to protect privacy in the digital age. But on July 3, UN Human Rights Council members seized the opportunity to put much-needed focus on the increasingly imperiled right to privacy, by appointing Joseph Cannataci to serve as the first UN Special Rapporteur on the Right to Privacy.

Cannataci, an internationally recognized expert on privacy, data protection, and information technology, is mandated to explore the implications of widespread adoption of digital technology for privacy and how the erosion of privacy undermines fundamental freedoms and democracy. Here is why this mandate on privacy matters so vitally to human rights defenders.


James B. Comey, Director, Federal Bureau of Investigation, Joint Statement with Deputy Attorney General Sally Quillian Yates Before the Senate Judiciary Committee  Going Dark: Encryption, Technology, and the Balances Between Public Safety and Privacy

Mr. Chairman and Ranking Member Leahy, we would like to thank you and the members of this committee again for your attention to this subject of national importance. While technology may change, our basic commitment at the Department to upholding the rule of law and our constitutional traditions does not. Our goal at the Department is to work collaboratively and in good faith with interested stakeholders to explore approaches that protect the integrity of technology and promote strong encryption to protect privacy, while still allowing lawful access to information in order to protect public safety and national security.


Mandating backdoors for encrypted communications is a bad idea 

Congress is hearing testimony today about mandating backdoors in security products so law enforcement can access encrypted communications.

James Comey, the director of the FBI, and Sally Quillian Yates, the deputy U.S. attorney general, are scheduled to testify about the need for such power in order to fight criminals. In the past they have cited child pornographers and terrorists among the targets. Comey says that without backdoors intelligence about criminal plots is going dark.

For a variety of reasons, though, mandating backdoors into encrypted communications is a bad idea.


China moves to tighten control over data 

China is advancing a cybersecurity law that would tighten the state’s control over digital data and give it power to approve network equipment.

A new draft of the law, published this week, aims to protect users’ data from hackers and data resellers, Reuters reported. But the rules could also give the increasingly restrictive government even more power to ban information and control companies’ technology choices.


KYP denies comment on hacking technology

The Cyprus Intelligence Service (KYP) has declined to comment on revelations that the agency apparently purchased phone surveillance tech from a manufacturer with a poor reputation among privacy advocates.


The Morning Download: FBI Chief Says Strong Encryption Carries Security Risks 

Good morning. It’s been two years since Edward Snowden began leaking documents that revealed the nature and extent of U.S. government surveillance, much of it by the National Security Agency. Those leaks sparked resistance, both at home and abroad, from tech companies, privacy advocates and governments. Since then, the intelligence and law enforcement community largely have been on the defensive in the security-privacy debate. But perhaps that dynamic is evolving with the passage of time.

FBI Director James Comey called Monday for a “robust debate” about the use of message encryption by technology firms, warning that Islamic State militants and other terror groups could use this method to recruit “troubled Americans to kill people,” the WSJ’s Damian Paletta reports. In June, a large coalition that includes tech firms wrote to President Barack Obama to voice concern about any new policy that would allow the government to weaken the security of encrypted text messages or emails.


UN human rights chief raises concern over breadth, vagueness of China’s new security law 

The United Nations’ human rights chief says he is worried by the breadth and vagueness of new national security legislation approved last week by China’s legislature.

Zeid Raad al-Hussein said Tuesday that the National Security Law “raises many concerns due to its extraordinarily broad scope coupled with the vagueness of its terminology and definitions.”

He added in a statement that “it leaves the door wide open to further restrictions of the rights and freedoms of Chinese citizens, and to even tighter control of civil society by the Chinese authorities than there is already.”

The new legislation reinforces government controls over cyberspace and covers a wide range of other areas including the economy, social stability, territorial integrity, the military, culture, finance, technology, the environment and food safety.


A DETAILED LOOK AT HACKING TEAM’S EMAILS ABOUT ITS REPRESSIVE CLIENTS

Documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance technology to countries with dubious human rights records. Internal emails and financial records show that in the past five years, Hacking Team’s Remote Control System software — which can infect a target’s computer or phone from afar and steal files, read emails, take photos and record conversations — has been sold to government agencies in Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, South Sudan, Azerbaijan and Turkey. An in-depth analysis of those documents by The Intercept shows Hacking Team’s leadership was, at turns, dismissive of concerns over human rights and privacy; exasperated at the bumbling and technical deficiency of some of its more controversial clients; and explicitly concerned about losing revenue if cut off from such clients.


NOTHING IS UNTRACEABLE: HOW THE HACKINGTEAM GOT BUSTED  

“Here in HackingTeam we believe that fighting crime should be easy,” promises the Italian company that offers surveillance services to national governments and law enforcement.

HackingTeam assured its clients that its services were untraceable. They also assured everyone else that their client list did not include repressive regimes. Now it appears that neither of those claims may be true.

On Sunday, HackingTeam found itself on the receiving end of an attack. A whopping 400GB of data purported to have been stolen from the company includes a client list featuring some of the countries with the lowest World Bank rankings for freedom of expression, transparency, and the rule of law—countries such as Kazakhstan, Uzbekistan, and Saudi Arabia. That alone would be troublesome for HackingTeam, but then there’s the little matter of how 20 of the nation clients were already known because security researchers were in fact able to trace the supposedly “untraceable” surveillance activities of HackingTeam’s clients more than a year ago.


UK and US demands to access encrypted data are ‘unprincipled and unworkable’ 

Demands by US and British security agencies for access to encrypted communication data have been dealt a serious blow in a report by an influential group of cryptographers and computer scientists who dismiss the move as unprincipled and unworkable.

They warn that such access “will open doors through which criminals and malicious nation states can attack the very individuals law enforcement seeks to defend”.

The report says: “The costs would be substantial, the damage to innovation severe and the consequences for economic growth hard to predict. The costs to our moral authority would also be considerable.”

The expert opinion comes on the eve of an appearance before the US Senate intelligence committee by the FBI director, James Comey, who last year savaged tech companies for embracing end-to-end encryption, claiming it would deprive the security services of potentially life-saving information.


India wants internet surveillance transparency 

India has called for transparency and accountability in internet security surveillance and for striking a balance between human rights and national security.

The global community needs “to create frameworks so that internet surveillance practices motivated by security concerns are conducted within a truly transparent and accountable framework”, Santosh Jha, external affairs ministry director general, told the UN General Assembly on Wednesday.


Humans are the weakest link when it comes to encryption 

“Encryption works,” said Edward Snowden in June 2013, in reply to a question from a Guardian reader about how he could protect his communications from NSA/GCHQ surveillance. “Properly implemented strong crypto systems are one of the few things that you can rely on.” Mr Snowden is a smart and thoughtful guy and he chooses his words with care. So note the qualifications in that sentence: “strong crypto” and “properly implemented”.

By strong crypto, he meant public-key cryptography, which works by using two separate keys, one of which is private and one of which is public. Although different, the two parts of the key pair are mathematically linked. The concept originated, ironically, in GCHQ in 1973, but only reached the public domain four years later after three MIT researchers, Ron Rivest, Adi Shamir and Leonard Adleman, independently invented a way to implement it. Their algorithm was christened RSA, based on the first letters of their surnames.


OPINION: UNREGULATED TECHNOLOGY THREATENS AMERICANS’ RIGHT TO PRIVACY

Orwell’s 1984 surveillance state has arrived. By scanning identifying characteristics of your body, a computer can figure out who you are, where you’ve been, and very often what you’re doing. Coupled with the ubiquitous presence of cameras, your identity is becoming a commodity to be captured, held, bought, and sold without your permission. And unfortunately, most everyone’s response to these circumstances has been acquiescence. Acceptance of universal surveillance is now the default setting for our expectations on privacy, and that’s a very bad thing.


Amnesty calls for GCHQ spying inquiry 

Campaign group Amnesty International has called for an independent inquiry after it was confirmed it was spied on by British surveillance agency GCHQ.

It said it was “outrageous” that human rights bodies were being monitored.

It came after the Investigatory Powers Tribunal (IPT) informed Amnesty that GCHQ had breached rules by keeping data intercepted from it for too long – although it had been collected legally.


New Chinese Law Reinforces Government Control of Cyberspace

China’s legislature passed sweeping legislation on Wednesday that reinforces government controls over cyberspace, as the nation’s leaders try to address what they see as growing threats to Chinese networks and national security.

The vaguely worded National Security Law is one of several new regulatory moves by China that worry privacy advocates and have foreign businesses concerned about potential harm to their operations inside the country.

The law calls for strengthened management over the web and tougher measures against online attacks, theft of secrets, and the spread of illegal or harmful information.

It said core information technology, critical infrastructure and important systems and data must be “secure and controllable” in order to protect China’s sovereignty over its cyberspace.

The law offered no details on how China would achieve the goals, although a vast government Internet monitoring system has been in place for years.

China says it is a major target of hacking and other cyberattacks, and the ruling Communist Party has expended vast efforts in blocking online content it deems subversive or illegal.


 

AFET Committee adopts its Report on Human rights and technology 

The European Parliament Committee on Foreign Affairs (AFET) adopted its Report on “Human rights and technology: the impact of intrusion and surveillance systems on human rights in third countries” on 26 May 2015. The Rapporteur, Marietje Schaake (ALDE, Netherlands) welcomed the adoption of the Report and stressed that “the European Union must assess the impact on human rights when it comes to the use and trade of harmful technologies, and where needed develop regulations urgently”. The Report will be voted at the plenary session of the European Parliament on 9 July.

The Report aimed at providing input in order to help create smart European legislation which deals adequately with all the concerns, but at the same time takes into account new technological solutions. Appropriate technology tools could generate enormous opportunities in helping to strengthen human rights. However, some of those tools can also be used to try to maintain or reinforce injustices. Thus, there is a growing need to ensure the safety and security of citizens, bearing in mind the fact we are living in a world of globalised surveillance. Specifically, human rights defenders and whistleblowers are usually the main targets of surveillance by state authorities, but also by non-state actors.


GCHQ Intercepted Human Rights Group Data 

GCHQ intercepted the communications of human rights organisations and acted unlawfully by failing to follow proper procedures, the UK’s most secretive court has found.

The two targets were the South African Legal Resources Centre (LRC) and the Egyptian Initiative for Personal Rights (EIPR).

The Investigatory Powers Tribunal, which oversees the UK intelligence agencies, said that their emails had been intercepted by GCHQ, but that this had been done “lawfully and proportionately”.

However, GCHQ had acted unlawfully because EIPR’s communications had been kept for longer than permitted, although the court said it was happy these communications had not actually been accessed during this period.

LRC’s communications were intercepted lawfully, but there was an error in selecting which communications should be examined, which was unlawful.

Neither of the non-governmental organisations were awarded compensation.


Encryption makes us safer 

Recently, leaders from both sides of the Atlantic have argued that securing our communications impedes law enforcement and puts us all at risk. U.K. Prime Minister David Cameron said, responding to the Charlie Hebdo attacks, “In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to listen in on mobile communications. The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.”

However, another leader, this one at the UN, vehemently disagrees. On Wednesday, David Kaye, the newly appointed U.N. Special Rapporteur on freedom of expression, presented his landmark report on cryptography and anonymity to the U.N. Human Rights Council in Geneva. This report contains real-world facts, rather than the politically motivated rhetoric that so often obscures them. These facts include the verifiable, positive impact that encryption can have on people’s lives.


 

UK.gov spied on human rights warriors at Amnesty International 

The British government has admitted that its spook agency GCHQ spied on Amnesty International, according to campaigners at the human rights group.

Amnesty said on Wednesday that it had received an email from the Investigatory Powers Tribunal (IPT) – the organization responsible for policing the UK’s surveillance of its own citizens – revealing that the government intercepted, accessed and stored its communications for an unspecified period of time.

“How can we be expected to carry out our crucial work around the world if human rights defenders and victims of abuses can now credibly believe their confidential correspondence with us is likely to end up in the hands of governments,” said Salil Shetty, Amnesty International’s secretary general.

“The revelation that the UK government has been spying on Amnesty International highlights the gross inadequacies in the UK’s surveillance legislation. If they hadn’t stored our communications for longer than they were allowed to, we would never even have known. What’s worse, this would have been considered perfectly lawful.”


UK online snooping against Pakistan ‘alarming’ 

ISLAMABAD: Digital rights activists and lawmakers appear equally concerned by recent claims that Britain’s Government Communications Headquarters (GCHQ) gained access to Pakistan’s Internet Exchange under its computer network exploitation (CNE) — or hacking — operations.

The revelations, made by journalists Glenn Greenwald and Andrew Fishman in a recent article for The Intercept, indicate that by using vulnerabilities in ‘Cisco routers’ and software reverse-engineering (SRE), the agency was able to access “almost any user of the Internet” inside Pakistan and also able “to re-route selective traffic across international links towards GCHQ’s passive collection systems.”

An official GCHQ document, marked ‘Top Secret’ and released by The Intercept along with Mr Greenwald’s story, is claimed to be the source of these claims. The document is purported to be an application for the extension of a warrant under which GCHQ conducted international surveillance.

In a specific reference to Pakistan the document states: “GCHQ’s CNE operations against in-country communications switches (routers) have also benefited from SRE. Capability against Cisco routers developed by this means has allowed a CNE presence on the Pakistan Internet Exchange which affords access to almost any user of the internet inside Pakistan. Our presence on routers likewise allows us to re-route selected traffic across international links towards GCHQ’s passive collection systems.”


June 2015

Kaspersky software reverse engineered by NSA, GCHQ: Report 

Edward Snowden, the former NSA contractor and whistleblower, has leaked documents that claim the US National Security Agency (NSA) and UK Government Communications Headquarters (GCHQ) have actively reverse engineered security and anti-virus software to obtain intelligence, according to a report by The Intercept.

The documents obtained reportedly highlight the Russian software security firm, Kaspersky Lab, as one of the main targets, with GCHQ reverse-engineering Kaspersky’s anti-virus software looking for vulnerabilities that could be subverted.

The Intercept posted an NSA document titled “Project Camberdada” that lists at least 23 antivirus and security firms that were in that spy agency’s sights — none of the companies were of U.K. or U.S. origin, but there was more than one firm from the country which Snowden now calls home.


Why Mass Surveillance Violates International Law 

Around the world repressive governments are trying to stop Internet users from either posting anonymously or using encryption to communicate securely. Russia requires bloggers with more than 3,000 visitors to register with the state and identify themselves; pseudonyms are outlawed in Vietnam; Ecuador requires commenters on websites to use their real name; Pakistan’s government must grant approval for the use of encryption; and Ethiopia convicted members of the dissident blogging collective Zone 9 on terrorism charges based in part on participation in an online encryption workshop.

In a groundbreaking report that was formally presented to the United Nations Human Rights Council on Wednesday (and is already available on its website now), David Kaye, the U.N.’s special rapporteur for the freedom of expression, has determined that such actions violate international law.


UN: Online Anonymity, Encryption Protect Rights 

Governments should promote the use of strong encryption and protect anonymous expression online. In an era of unprecedentedly broad and intrusive government surveillance, these tools often offer the only safe way for people in repressive environments to express themselves freely.

On June 17, 2015, the United Nations special rapporteur on freedom of expression presented his report on the use of encryption and anonymity in digital communication to the UN Human Rights Council. The special rapporteur recognized that encryption and anonymity, as leading instruments for online security, enable people to exercise their rights to freedom of opinion and expression and the right to privacy in the digital age. The report urged countries to ensure that people are free to protect the privacy of digital communications by using strong encryption and anonymity tools.


FACIAL RECOGNITION TECHNOLOGY PUT ON HOLD 

Jennifer Lynch, of the Electronic Frontier Foundation, declared to the public that it is a basic human right for a person not to be publicly recognized, without the risk of being tracked down by various companies that would identify them according to their facial features. If the companies have not even agreed to this basic privacy aspect, there is no further point in continuing the discussions until they change their position with respect to this matter.


Surveillance powers: New law needed, says terror watchdog 

Clear new laws are needed to cover security services’ powers to monitor online activity, the UK’s terror watchdog has said.

David Anderson QC, the independent reviewer of terrorism legislation, said the UK needed “comprehensive and comprehensible” intrusive powers rules.

Existing legislation was “fragmented” and “obscure”, he said in a 300-page report.

Ministers want new laws to help police and agencies monitor online threats.

But critics have dubbed government proposals a “snoopers’ charter”, warning the plans will infringe privacy.


The encryption ‘access’ debate heats up 

Even as the US government bids adieu to Clipper Chip, an infamous episode that influenced the cryptography debate for years, there is renewed focus in a number of quarters that it should not be repeated.

The most recent evidence comes from a new report from the United Nations Office of the High Commissioner for Human Rights (OHCHR). A Special Rapporteur, David Kaye, was appointed to look into the use of encryption and anonymity in digital communications. In preparing the report—which will be presented to the U.N. Human Rights Council later this month—he drew from research on international and national norms and jurisprudence, and received input from governments and civil society.

Mr. Kaye concludes:

“compromised encryption cannot be kept secret from those with the skill to find and exploit the weak points, whether State or non-State, legitimate or criminal. It is a seemingly universal position among technologists that there is no special access that can be made available only to government authorities, even ones that, in principle, have the public interest in mind.”


Surveillance laws are being rewritten post-Snowden, but what will really change?

For anyone still in doubt about the impact of Edward Snowden’s revelations, it might be instructive to review what has been going on in the US Congress over the last few months, with legislators grappling with bills aimed at curbing the surveillance capabilities of the NSA and other federal agencies. In the end, in a classic congressional farce, there was a brief intermission in the NSA’s data-gathering capabilities, after which the Senate passed a bill to end the agency’s bulk collection of the phone records of millions of Americans.


Brace yourself, Britain – totalitarianism is upon us, and David Cameron is leading it

Hearing the Queen outline the government’s intention to give police and other public bodies greater powers to monitor communications was enough to send chills down any libertarian’s spine.

However, it’s not just libertarians who should be worried about the proposed Investigatory Powers Bill – dubbed the ‘snooper’s charter’ – but the entire nation.


U.K. State Surveillance Powers Challenged Under Human Rights Law 

The U.K. government is facing a legal challenge to surveillance legislation that was rushed through parliament last year. At the time the Data Retention and Investigatory Powers Bill (now DRIPA) was criticized for granting the government overly broad and draconian powers to retain digital comms data — and for the lack of parliamentary time afforded for proper scrutiny. The bill was given cross-party support, becoming law within just three days after minimal public debate.

A case is being heard in the U.K. High Court today and tomorrow, brought by civil rights campaign group Liberty and two MPs: the Labour Party’s Tom Watson and the Conservatives’ David Davis. They are challenging DRIPA on Human Rights grounds — referencing the rights to respect for private and family life, and of protection of personal data.

It was the European Court of Justice that struck down European data retention powers earlier last year, on the grounds that they were overly broad. The secondary twist here is that the Conservative party manifesto contained a pledge to scrap the U.K.’s Human Rights Act and replace it with a British Bill of Rights, potentially severing the formal link with the European Court of Human Rights. So the type of legal challenge being brought against dragnet state surveillance powers today may not be possible in future (although the Tories have not yet set out any formal parliamentary plans for implementing a British Bill of Rights).

Commenting on the legal challenge in a statement, Labour’s Watson said: “The government’s decision to use emergency powers to enable it to spy on citizens shows the rights of the individual need to be strengthened to ensure the state can’t act with impunity. Even MPs are powerless to prevent such powers being enacted.

“The Human Rights Act allows us to challenge those powers in the courts but the Tory Government is intent on tearing up the Act and doing away with the limited legal protection it affords. It is vital that we fight for it to be retained.”


 

Tim Cook attacks tech rivals that mine and sell personal data 

Apple chief executive Tim Cook has heavily criticised tech companies which attempt to monetise customer data for advertising purposes, saying such a trade comes at “a very high cost”.

While Cook did not explicitly identify the companies, his assertion that some of Silicon Valley’s most prominent and successful companies “have built their businesses by lulling their customers into complacency about their personal information” can be read as referring to Facebook and Google, who use targeted advertising and store vast amounts of user data.

Speaking by video link during EPIC’s Champions of Freedom event in Washington upon being honoured by the research centre for corporate leadership, Cook said he and his team at Apple firmly believed customers should not have to compromise between privacy and security.

“We can, and we must provide both in equal measure,” he said. “We believe that people have a fundamental right to privacy. The American people demand it, the constitution demands it, morality demands it.”

“I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They’re gobbling up everything they can learn about you and trying to monetise it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”


Should tech firms leave the UK over encryption laws?  

Following the election, the new Conservative government revealed plans for new tech regulations, notably the Investigatory Powers Bill, which would require communications companies to hold message metadata for a full year, and could see encryption watered down to include backdoors.

Last week, Ind.ie, a social network startup based in Brighton, said it plans to move “to avoid the possibility of having to add backdoors to our products,” cofounder Aral Balkan said in a blog post.

This week, security firm Eris Industries said it would relocate staff out of the UK as “this proposed bill would impinge vital and legitimate business interests of our company,” according to COO Preston Byrne.


UPDATE: London Police Plan Mass Use Of Body Cameras

London (Alliance News) – Most police in Britain’s capital will use body-mounted cameras by next March as the city plans to order 20,000 extra devices to help officers “fight crime and boost public confidence,” Mayor Boris Johnson said on Wednesday.

But a leading British human rights group warned of the potential for the cameras to be used as “highly intrusive surveillance tools” and called for an urgent public debate.

The Metropolitan Police will equip all neighbourhood officers and “response officers” with the cameras, giving London the world’s largest concentration of body-mounted cameras, following a trial with some 1,000 devices since last year.

“This is exciting technology that will build trust, help the police do their jobs, and allow the public to hold officers more accountable,” Johnson said.

“Our plans for the roll-out of body-worn video will make the technology available to more officers in a single city than anywhere else in the world and is a giant step towards a truly 21st century police force for London,” he said.

The Harvard Law Review said in April that use of the cameras “presents many challenges for lawyers and policymakers who must balance the positive goals of this initiative with deep and legitimate concerns about misuse of this powerful technology.”


May 2015


U.N. Special Rapporteur Calls Upon States to Protect Encryption and Anonymity Online 

Last Thursday, David Kaye, the U.N.’s newest free speech watchdog, released a groundbreaking report calling upon states to promote strong encryption and anonymity. Kaye assumed the role of Special Rapporteur for Freedom of Expression in August 2014, and this, his first report, will be presented at the 29th regular session of the United Nations Human Rights Council in Geneva mid-June.

His analysis comes at a key moment.  The ability to communicate anonymously and to use encryption is more important than ever and the Rapporteur rightly notes that privacy is a gateway for freedom of opinion and expression, saying:

“Encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artists and others to exercise the rights to freedom of expression and opinion.”

We strongly agree.


U.N. report: Encryption is important to human rights — and backdoors undermine it

A new report from the United Nations’ Office of the High Commissioner for Human Rights says digital security and privacy are essential to maintaining freedom of opinion and expression around the world — and warns that efforts to weaken security tools in some countries may undermine it everywhere.

The report written by special rapporteur David Kaye says that encryption — the process of digitally scrambling information so that only authorized persons can access it — and anonymity tools “provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age.” The report will be presented to the U.N. Human Rights Council next month.


What Is the U.S. Doing About Wassenaar, and Why Do We Need to Fight It? In December 2013, the list of controlled technologies was amended to include surveillance systems for the first time, in response to reports linking exports of Western surveillance technologies to human rights abuses in countries such as Bahrain and the UAE, Turkmenistan, and Libya.


Is your open source security software less secure? This is a recurring question that we get at Benetech about Martus, our free, strongly encrypted tool for secure collection and management of sensitive information built and provided by the Benetech Human Rights Program. It’s an important question for us and for all of our peers developing secure software in today’s post-Snowden environment of fear and worry about surveillance. We strongly believe not only that open source is compatible with digital security, but that it’s also essential for it.


Iris scanners can identify you in REFLECTIONS: Minority Report-style tech can be used up to 40ft away

Biometric technologies are on the rise. By electronically recording data about individuals’ physical attributes such as fingerprints or iris patterns, security and law enforcement services can quickly identify people with a high degree of accuracy.

The latest development in this field is the scanning of irises from a distance of up to 40ft (12 metres) away.

Researchers from Carnegie Mellon University in the US demonstrated they were able to use their iris recognition technology to identify drivers from an image of their eye captured from their vehicle’s side mirror. 


Caution needed with anti-encryption tools that dodge data retention surveillance 

As Fairfax Media also reports, drug dealers and money launderers are using Phantom Secure, an encryption tool for Blackberry messages, and BlackPhones, a voice encrypter for Android phones, to communicate in code. No doubt terrorists are customers for the same technologies. So, just months after the national parliament reached an accord on mandatory requirements for communications companies to retain details about our calls, messages and web surfing, do we need to decide the even thornier questions of whether a ban on certain voice and data encryption tools is possible and, if so, whether it would be the right thing to do?

That’s a key difference between the existing so-called metadata retention law and any move against products like Phantom Secure and BlackPhone. All the retention law does, and even this much is highly contentious from a civil liberties perspective, is require comms companies to keep certain transactional records.


Microsoft unites with tech companies to encourage strong security in government policy Privacy and security have been all over the news in the US recently with the upcoming expiration of the Patriot Act and the sun-setting of the NSA bulk data collection. Many tech companies have huge concerns over how government will change laws to affect the security of their products. Recently, many big names in tech have sent a letter to Congress urging them to not require companies to install backdoors to encryption techniques.


Privacy, civil rights groups push rules for police body cameras 

A group of civil rights and privacy organizations has released principles it thinks law enforcement officers should abide by while using body cameras.

The American Civil Liberties Union, Leadership Conference on Civil and Human Rights, NAACP and the privacy group Electronic Frontier Foundation all signed on to the standards, as more agencies around the country adopt wearable cameras in light of recent shootings involving police officers and civilians.


GCHQ spies given immunity from anti-hacking laws

British intelligence officers are now exempt from prosecution for hacking under the Computer Misuse Act, under new legislation slipped through ‘under the radar’.

“Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and safeguards surrounding it should be the subject of proper debate. Instead, the government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar, without proper parliamentary debate.”


Spy-tech firms Gamma and Trovicor target Shell Oil in Oman 

The Sultan of Oman’s intelligence services are spying on the local operations of British oil company Shell with the aid of controversial European tech companies, the Register has learned.

Documents seen by el Reg reveal that the internal phone systems at Petroleum Development Oman (PDO) – a joint venture between the Omani government and various Western energy companies including Shell – have been tapped on behalf of the Sultan’s intelligence service. The work was carried out by two notorious European firms specialising in “lawful interception” of communications: Gamma International and Trovicor.


Snowden: NSA And Allies Planned To Use Google And Samsung App Stores To Spy On Smartphones 

The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.

The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.


Iris scanners can now identify us from 40 feet away 

Biometric technologies are on the rise. By electronically recording data about individuals’ physical attributes such as fingerprints or iris patterns, security and law enforcement services can quickly identify people with a high degree of accuracy. The latest development in this field is the scanning of irises from a distance of up to 40 feet (12 metres) away. Researchers from Carnegie Mellon University in the US demonstrated they were able to use their iris recognition technology to identify drivers from an image of their eye captured from their vehicle’s side mirror.

However, introducing such technology will come with serious challenges. There are both legal issues and public anxiety around having such sensitive data captured, stored, and accessed.


 

April 2015

Privacy startup Ind.ie: Why we decided to leave the UK following election

Ind.ie has raised tens of thousands through crowdfunding to create a pro-privacy peer-to-peer network and smartphone app that allows users a Facebook experience without handing over personal information. Aral Balkan, Ind.ie founder and developer on the platform, explains why the startup has decided to leave the UK following the election results.


The Business Economics And Opportunity Of Open-Source Data Science Let’s take a look at the notion that the big data revolution was some kind of “overnight sensation” that magically appeared with no warning.  In reality, the big data revolution began more than a decade ago. It was ignited by search companies like Google and Yahoo, whose business models required new frameworks and techniques for processing huge amounts of data very rapidly.


 

Data tool helps companies detect, avoid slavery in supply chains – developed by Ariba (part of SAP)

Business networks and big data are joining to give companies new means to identify and eliminate slavery and other labor risks from across their complex global supply chains.  Data-savvy B2B participants in these networks can now newly uncover unsavory and illegal labor practices that may be hidden deep inside multi-level supplier ecosystems… Made in a Free World, a nonprofit group in San Francisco, is partnering with Ariba, an SAP company, to shine more light across the supply chain networks to not only stem these labor practices, but also reduce the risks that companies may unwittingly incur from within their own pool of buying…

Dillon: …There are over 30 million people…[in modern slavery] today. In…most cases, they’re in informal sectors, agricultural or service industries, much of which is finding its way into supply chains…

Minahan: …[As] companies begin to outsource more processes and manufacturing and assembly to low-cost regions, they’ve really looked to drive costs down. Unfortunately, what they haven’t done is really take a close look at their sub-tier supply chain. So they might have outsourced a process, but they didn’t outsource accountability for the fact that there may be forced labor in their suppliers’ suppliers…[This] is far more pervasive than most people think. Slavery really has no boundaries. There are incidences of forced labor in all industries, from conflict minerals in the Congo to fishing in Malaysia to, unfortunately, migrant workers right here in the United States…You can certainly outsource process or manufacturing, but you can’t really outsource accountability… [There] is a big movement afoot from regulators…to hold companies accountable [for their supply chains]…

Dillon: We are using all the best databases that currently exist on the issue. Everything from forced-labor databases to child-labor databases to rule-of-law, governance, migration, trade flows. All of that is synthesized into an algorithm…which gives you some optics into your sub-tier suppliers, which is where we need the optics. It’s not a crystal ball, but it’s the next best thing. That database and analysis are now available to anyone



 

Responsible Business Conduct in Cyberspace 

Surveillance and reconnaissance technologies invoke images of Hollywood spy movies.  This is a world of deep packet inspection (DPI), spyware, keyloggers, Trojan horses and password sniffing– tools invented to observe, capture and explore the behaviour and identities of people and organisations on computer networks. Sellers of such technologies often justify their use by saying they are intended to support law enforcement or protect the public welfare (e.g. through protecting against terrorist activity), but they often can also be used to facilitate human rights violations by the purchasers.

For example, recently a criminal complaint was brought against a French company, Amesys, which provided the former Libyan government with surveillance technology and support in using this technology. It is alleged this technology was used by the government to monitor opposition activists who were subsequently arrested, detained and tortured. The case is currently pending an outcome.

While all surveillance technologies impact the right to privacy, this example demonstrates that human rights are at stake, and the rights include freedom of expression, freedom of association and freedom from torture.


 

Stop the Hysteria. Of Course Europe Wants an Open Internet 

THE EUROPEAN UNION and the United States have been friends and allies for decades. Our economies and our societies are so tightly intertwined that creating artificial divides and walls is not only practically difficult but potentially extremely damaging for both of us.

And yet, listening to some of the recent commentary around the high-tech sector, one might wonder whether the EU and the U.S. are indeed “divided by a common language”. The fact is that both the EU and the U.S. have recognized the paramount importance of supporting an open internet.


 

Russia beefs up anti-piracy laws 

The law was introduced in mid-2013 and gave the authorities the power to tell internet companies to cut off access to sites found to be pirating media. As first enacted, the law only applied to sites that shared pirated movies and TV shows. The updated law has been expanded to cover sites that share links to pirated music, books and software. It does not cover images.


 

Tech firms and privacy groups at odds over Patriot Act reform bill  The flagship anti-surveillance bill, the Freedom Act, aims at kicking the National Security Agency’s spying programs to the curb. The bill aims to end bulk domestic data collection, strengthen civil liberties, and give technology companies greater rights to transparency.


 

US: Pass USA Freedom Act The United States Congress should swiftly pass the USA Freedom Act to thwart bulk data collection and improve transparency and oversight of surveillance in the US, Human Rights Watch said today. The House Judiciary Committee approved the bill on April 30, 2015.


Cybercrime, security and rights 

Pakistani politicians, their advisers and bureaucrats are masters of creating deception. Their propensity to inflict crises and shoot themselves in the foot in self-defence also knows no limits. Their latest feat is the Prevention of Electronic Crimes Bill, 2015.

Let us take a look at Section 31 of the Prevention of Electronic Crimes Bill. It says that the government could block access to any website “in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality …”


Pakistani lawmakers should reject a new cybercrime prevention bill which contains provisions which threaten rights of privacy and freedom of expression


New Surveillance Self-Defense Playlist for LGBTQ Youth The Internet provides a wide range of resources for LGBTQ youth to find community, health information, and other resources to explore and understand their identities. Unfortunately, many of these resources get censored, either intentionally or as collateral damage from the use of other filters. It can be difficult to access online resources without being outed to peers, family, and online advertisers. Young people need space to explore and experiment without fear that their curiosity will be punished or logged on their permanent records. Today we unveil a new playlist on Surveillance Self-Defense tailored to help young people safely access the information they need.


Online Violence: Just Because It’s Virtual Doesn’t Make It Any Less Real 

In the Democratic Republic of Congo, two teens’ private photos, taken by a boyfriend, are posted to Facebook without their consent. In Bosnia and Herzegovina, a young woman is covertly photographed and pursued online by a stalker who claims they have a “forbidden love.” And in Pakistan, an outspoken human rights activist’s address is included in a blog post imploring readers to kill her, and a month later, the activist and her husband are targeted in a drive-by shooting.

These are just a few examples of the many forms of online harassment that women face everywhere around the world. Women are regularly subject to online rape threats, online harassment, cyberstalking, blackmail, and more.


#unfollowme  “THEY KNOW WHERE YOU GOT ON THE BUS, WHERE YOU WENT TO WORK, WHERE YOU SLEPT, AND WHAT OTHER CELL PHONES SLEPT WITH YOU.”


Mass surveillance: Time to heed the voices in the wilderness 

It’s time to “draw a line under” the debate Edward Snowden sparked with his revelations about intrusive government mass surveillance and “move on”. So the UK Foreign Secretary Philip Hammond told a meeting of national security and intelligence professionals last month.

He was wrong. In fact, the debate is only beginning.

Just two days after Hammond’s speech, the UK Parliament’s Intelligence and Security Committee released a report which concluded that British laws governing intelligence agencies and mass surveillance require a complete overhaul to make them more transparent and understandable. Amnesty International called the country’s regulation of government surveillance “an inadequate mess”.

This is not mere rhetoric. The organization is in the process of bringing fresh legal action against both the UK and US governments to challenge their use of indiscriminate mass surveillance programmes to hoover up our communications – emails, calls, internet searches, contact lists, phone locations, webcam images and more – on an unprecedented scale.

Both these challenges proceed from the basis that such programmes constitute a fundamental breach of the human rights to privacy and freedom of expression. As far as human rights organizations are concerned, the surveillance of their confidential communications with their contacts also has grave implications for their ability to carry out their day-to-day work.


Latin America: surveillance and human rights in the digital age 

In July 2014, the Uruguayan government secretly purchased the license for a piece of software to monitor citizen communications. “The Guardian” (or “Guardião”, as the Brazilian tool is known) is now being fully deployed with no clear guidelines. Civil society organisations fiercely opposed this development and are now starting a legal procedure to access information about the purchase. This is just one of many examples of surveillance technology being used in Latin America: Latin American democracies might be becoming increasingly established, but the intelligence and security agencies have not adjusted to a new democratic era. Regulation of these agencies is still problematic and poorly discussed. Furthermore, governments are discussing cyber-security issues in international forums with little consideration of human rights issues.

The secrecy and lack of regulation around surveillance technology poses a key question: how should we address the protection of human rights in an age of technological disruption in Latin America?


Amnesty International takes UK government to European Court of Human Rights over mass surveillance (Zack Whittaker/ZDNet)

A lawsuit aimed at challenging the UK government’s mass surveillance programs has been filed with the highest human rights court in Europe.

The case, filed by Amnesty International, Liberty, and Privacy International on Wednesday, is now in the hands of the European Court of Human Rights after the groups said they “exhausted” all legal avenues in the UK.

The suit aims to determine that the UK and US mass surveillance operations were in breach of Europe’s human rights laws.


 Nick Clegg would introduce a bill to ensure civil and human rights online if the Lib Dems entered parliament as part of a coalition after the general election

The bill, which would be introduced through an act of parliament, would aim to ensure that civil and human rights that apply to the physical world also apply online, and it would also seek to establish key rights that specifically apply to the digital sphere.

“The way in which we work, socialise, buy products and use services has changed at lightning speed since the digital revolution,” said Nick Clegg, announcing the policy.

“However, government and politicians have responded at snail’s pace, with a poor understanding of new technology and the impact it is having on our lives. We need to ensure that consumers, businesses, journalists and our children are protected in the online world.”


Can Africa fight cybercrime and preserve human rights? Cybercrime is actually most pervasive in South Africa, with security firm Norton saying 70% of South Africans have fallen victim to cybercrime, compared with 50% globally.

In June 2014, the African Union (AU) approved a convention on cybersecurity and data protection that could see many countries enact personal protection laws for the first time. For it to be implemented, however, 15 of the 54 AU member states will need to ratify the text.

“Cybersecurity is a growing concern for the nations of the African Union as more people come online,” says Drew Mitnick, junior policy counsel at human rights organisation Access, which has called on member states to ratify the convention as soon as possible.

“It is critical for the countries to adopt cybersecurity policies that better protect users while respecting their privacy and other human rights.”

‘Negative effects’

Mr Belayneh agrees that the document gives too much power to judges and law enforcement arms of governments, and says it fails to take into account the roles of education and consultation in combating cybercrime.


Don’t Spy On Us The UK’s intelligence services can process 21 petabytes of data per day – that’s 39 billion pieces of information that could be the private data of any citizen. This mass surveillance violates your privacy and chills free speech across the globe. The current law offers little protection. Don’t Spy on Us, a coalition of the most influential organisations who defend privacy, freedom of expression and digital rights in the UK and Europe are calling for reform of the legal framework so the intelligence agencies stop spying on us.

“We’ve come together to fight back against the system of unfettered mass state surveillance that Edward Snowden exposed. Right now, the UK’s intelligence services are conducting mass surveillance that violates the right to privacy of internet users and chills freedom of expression.

The current laws haven’t stopped the intelligence services expanding their reach into our private lives. Don’t Spy On Us is calling for an inquiry to investigate the extent to which the law has failed and suggest new legislation that will make the spooks accountable to our elected representatives, put an end to mass surveillance in line with our 6 principles and let judges not the Home Secretary decide when spying is justified.”

Privacy has become a human rights issue for the digital age  “With Snowden’s revelations, I realised the biggest human rights issue, in the UK certainly – and more broadly – was privacy. That’s really what attracted me to Open Rights Group,” says the solicitor, who a year ago became the legal director of the UK digital rights and civil liberties advocacy organisation.


Human Rights Watch sues over secret DEA surveillance program Human Rights Watch filed a lawsuit against the Drug Enforcement Agency Tuesday night, after a report detailing a secret surveillance program that collected Americans’ international call records for decades


Data privacy: the tide is turning in Europe – but is it too little, too late? The Guardian And so, the relentless march of technology – not to mention cheap labour, …. joins 25 positions dedicated to protecting and promoting human rights.


March 2015

 

UN Human Rights Council Appoints Special Rapporteur on the Right to Privacy … on privacy and data protection, technology, and human rights.

Mass Surveillance and Beyond: the Human Rights Council Takes (…) FIDH (press release)

UN: Major Step on Internet Privacy Human Rights Watch

New UN investigator to probe digital spying Reuters


 

Tech coalition including Microsoft, Apple, and Google presses attack on the Patriot Act Advocacy groups, major tech companies, and a coalition of huge firms including Google, Microsoft, and Apple have sent a letter to the Obama administration urging it to decisively end the NSA’s bulk collection of metadata, which expires June 1st as part of Section 215 of the Patriot Act. Obama has already urged Congress to develop a new framework for handling metadata, proposing that telecom companies hang onto the records and only hand them over when law enforcement receives a court order. That proposal was made a year ago. If Congress wants to keep allowing the government to access these records — and, yeah, it probably does — it’ll have to act within the next several months.


FRANCE: Privacy International, Amnesty International, FIDH, the French League for Human Rights and Reporters Without Borders are alarmed by the expansive surveillance powers to be granted to surveillance agencies contained in a Bill transferred to the French parliament on Friday. Under the new law, French intelligence agencies would be empowered to hack into computers and devices and spy on the communications of anyone who makes contact with a person under suspicion, even incidentally. The new law will enable them to do this without having to obtain a judicial warrant.

Joshua Franco, Researcher on Technology and Human Rights at Amnesty International, said: France cannot let the quest for security come at the cost of respecting the human rights to free expression and privacy. These broad and invasive surveillance powers would not be subject to meaningful oversight and may lead to people censoring themselves online.


Protecting Internet Freedom With Localization Tools Marketwired (press release) Of course, everyone should have the right to communicate and request … RightsCon is about the intersection of technology and human rights. We are ..


Is Privacy Obsolete? | The Nation The Nation. Human rights groups would condemn such a state for denying the most … Digital technology has exponentially expanded the government’s ability to …


Facebook data privacy case opens in European court Irish Times … a complaint that United States technology companies and their Dublin-based … in turn are subject to the European Convention on Human Rights – and that the … data for up to two years violated the Charter of Fundamental Rights.


How exiles are using social media but fear spies listening in Index On Censorship “Ugandan LGBTI people – unless well-known human rights defenders – tend … Globally available and free technology platforms are helpful, but tools, .


Human rights left out of sight in UK’s new surveillance guidelines Access (blog)  On Friday, Access and a coalition of civil society organizations, including the Center for Democracy & Technology, the Electronic Frontier Foundation


China web freedom group faces online disruption   TheNewsTribune.com  Boxun.com, which publicizes allegations of corruption and human rights abuses inside China; German provider Deutsche Welle, and Google.


After years in shadows, France wants legal data monitoring The State The measure prompted outcry from some privacy advocates, human rights groups and the Paris bar association, despite the government’s efforts to … French surveillance bill would give govt NSA-like power Bellingham Herald France presents data monitoring legalization bill JURIST


We need a privacy rapporteur  Al Jazeera America In response, tech companies are peddling smartphones with virtually … Last year the U.N. High Commissioner for Human Rights issued a report …


Privacy not worth sacrificing for sake of latest gadget Irish Times It is easy to be lured by the promises of wearable tech, helping us hone an athletic … Last year’s UN Human Rights Commissioner’s report, The Right to Privacy in the … A little old-fashioned Irish cynicism is what is needed right now.


Human rights committee raises data retention concerns Business Spectator Concerns about the government’s controversial data retention legislation have again been raised by a bipartisan human rights committee.


Global opposition to USA big brother mass surveillance Amnesty International Meanwhile, nearly two thirds said they wanted tech companies – like … protects our human right to privacy against indiscriminate mass surveillance.


Pakistan government faces lawsuit over spy software allegations Channel News Asia Bytes for All, a human rights organization in Pakistan focused on technology, has taken legal action against the government for contravening the …


‘Tech Can Be a Champion of Privacy,’ Edward Snowden Tells Tech Leaders at SXSW American Civil Liberties Union News and Information (blog) As we’ve seen in the case of Stingray technology, Snowden noted, … view of the Internet, a more civil rights and human rights view of the Internet.”


Data privacy: Does anyone know where this train’s heading? Crosscut In 2012, Seattle adopted the U.N.’s Universal Declaration of Human Rights, …. But after stringent complaints from the ACLU (Technology and Liberty …


New paper recommends how to keep surveillance tech from human rights abusers Access (blog) The following is a guest post by Edin Omanovic, a researcher who focuses on export controls and surveillance technology at Privacy International, …


PEW Data On Public Perception Of Intelligence Agencies Is Biased And False Mintpress News (registration) (blog) You would be right in doing so. Let’s examine the …. A balance has to be struck between technological achievement and human rights to privacy.